CVE-2026-39644 PUBLISHED

WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability

Assigner: Patchstack
Reserved: 07.04.2026 Published: 08.04.2026 Updated: 08.04.2026

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8.

Product Status

Vendor Roxnor
Product Wp Ultimate Review
Versions Default: unaffected
  • affected from 0 to 2.3.8 (incl.)

Credits

  • hhhai | Patchstack Bug Bounty Program finder

References

Problem Types

  • Missing Authorization CWE

Impacts

  • Exploiting Incorrectly Configured Access Control Security Levels