Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
usersultra usersultra vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-4109
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin prior to 1.5.16 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) act...
Usersultra Usersultra
7.5
CVSSv2
CVE-2022-0769
The Users Ultra WordPress plugin up to and including 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated us...
Usersultra Users Ultra
6.8
CVSSv2
CVE-2015-9394
The users-ultra plugin prior to 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
Usersultra Users Ultra Membership
6.8
CVSSv2
CVE-2015-9402
The users-ultra plugin prior to 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
Usersultra Users Ultra Membership
3.5
CVSSv2
CVE-2015-9392
The users-ultra plugin prior to 1.5.63 for WordPress has XSS via the p_name parameter.
Usersultra Users Ultra Membership
3.5
CVSSv2
CVE-2015-9393
The users-ultra plugin prior to 1.5.63 for WordPress has XSS via the p_desc parameter.
Usersultra Users Ultra Membership
6.5
CVSSv2
CVE-2015-9395
The users-ultra plugin prior to 1.5.64 for WordPress has SQL Injection via an ajax action.
Usersultra Users Ultra Membership
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started