Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
312
VMScore
CVE-2021-24968
The Ultimate FAQ WordPress plugin prior to 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FA...
Etoilewebdesign Ultimate Faq
383
VMScore
CVE-2019-15643
The ultimate-faqs plugin prior to 1.8.22 for WordPress has XSS.
Etoilewebdesign Ultimate Faq
828
VMScore
CVE-2019-10673
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin prior to 2.0.40 for WordPress allows malicious users to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can cha...
Ultimatemember Ultimate Member
383
VMScore
CVE-2018-17866
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin prior to 2.0.28 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the "Prim...
Ultimatemember Ultimate Member
383
VMScore
CVE-2006-3155
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) u...
Thinkfactory Ultimate Estate
312
VMScore
CVE-2019-14945
The ultimate-member plugin prior to 2.0.54 for WordPress has XSS.
Ultimatemember Ultimate Member
312
VMScore
CVE-2019-14947
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS during an account upgrade.
Ultimatemember Ultimate Member
383
VMScore
CVE-2006-3153
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the cat parameter.
Thinkfactory Ultimate Estate
445
VMScore
CVE-2019-17232
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows unauthenticated options import.
Etoilewebdesign Ultimate Faq
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »