vulnerability

WordPress Plugin: wp-ultimate-review: CVE-2024-21746: Use of Less Trusted Source

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 5, 2024	Jan 7, 2026	Jan 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 5, 2024

Added

Jan 7, 2026

Modified

Jan 7, 2026

Description

The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.6 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting.

Solution

wp-ultimate-review-plugin-cve-2024-21746

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-21746
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/31418a45-7dae-4cd4-8f85-0498a285ef6d?source=api-prod
CVE-2024-21746
https://attackerkb.com/topics/CVE-2024-21746
CWE-290

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today