Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36357
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilon ULTIMATE TABLES plugin <= 1.6.5 versions.
Webpsilon Ultimate Tables
3.5
CVSSv2
CVE-2021-24525
The Shortcodes Ultimate WordPress plugin prior to 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attribut...
Getshortcodes Shortcodes Ultimate
4.3
CVSSv2
CVE-2019-15643
The ultimate-faqs plugin prior to 1.8.22 for WordPress has XSS.
Etoilewebdesign Ultimate Faq
4.3
CVSSv2
CVE-2018-17866
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin prior to 2.0.28 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the "Prim...
Ultimatemember Ultimate Member
3.5
CVSSv2
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
3.5
CVSSv2
CVE-2022-1209
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for malicious users to redirect unsuspecting victims in versions up to, and including, 2...
Ultimatemember Ultimate Member
5
CVSSv2
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
4
CVSSv2
CVE-2017-2245
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote malicious users to read arbitrary files via unspecified vectors.
Getshortcodes Shortcodes Ultimate
6.4
CVSSv2
CVE-2017-9625
An Improper Authentication issue exists in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an malicious user to view information and modify settings or execute code remotely.
Envitech Envidas Ultimate
NA
CVE-2023-31216
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Ultimatemember Ultimate Member
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »