Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges ...
Ultimatemember Ultimate Member
445
VMScore
CVE-2019-17232
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows unauthenticated options import.
Etoilewebdesign Ultimate Faq
383
VMScore
CVE-2019-17233
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows HTML content injection.
Etoilewebdesign Ultimate Faq
383
VMScore
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
383
VMScore
CVE-2006-3155
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) u...
Thinkfactory Ultimate Estate
605
VMScore
CVE-2018-20968
The wp-ultimate-exporter plugin prior to 1.4.2 for WordPress has CSRF.
Smackcoders Ultimate Exporter
312
VMScore
CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin prior to 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected...
Ultimatemember Ultimate Member
312
VMScore
CVE-2022-23979
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).
Etoilewebdesign Ultimate Reviews
NA
CVE-2023-0890
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber t...
Getshortcodes Shortcodes Ultimate
NA
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as...
Getshortcodes Shortcodes Ultimate
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »