WordPress · The Ultimate Reviews · CVE-2020-36726
**Name of the Vulnerable Software and Affected Versions**
The Ultimate Reviews plugin for WordPress versions up to and including 2.1.32
**Description**
The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in several vulnerable functions, as no POP chain is present in the vulnerable plugin.
**Recommendations**
For versions up to and including 2.1.32, update to a version that contains a fix for this issue to prevent PHP Object Injection.