Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2014-4561
The ultimate-weather plugin 1.0 for WordPress has XSS
Ultimate-weather Project Ultimate-weather 1.0
NA
CVE-2006-6790
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and previous versions allows remote malicious users to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
Ultimate Php Board Ultimate Php Board
1 EDB exploit
NA
CVE-2006-7169
PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.
Ultimate Php Board Ultimate Php Board
1 EDB exploit
4.8
CVSSv3
CVE-2017-16758
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin prior to 1.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the "access_token" parameter.
Ultimate Instagram Feed Project Ultimate Instagram Feed
NA
CVE-2002-2322
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote malicious users to obtain usernames and passwords.
Ultimate Php Board Ultimate Php Board 1.0 Beta
NA
CVE-2002-2276
Ultimate PHP Board (UPB) 1.0 allows remote malicious users to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
Ultimate Php Board Ultimate Php Board 1.0
NA
CVE-2005-2003
Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote malicious users to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message.
Ultimate Php Board Ultimate Php Board 1.9.6 Gold
NA
CVE-2007-1059
PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote malicious users to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.
Ultimate Fun Book Ultimate Fun Book 1.02
1 EDB exploit
NA
CVE-2013-3263
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote malicious users to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3)...
Smackcoders Wp Ultimate Email Marketer Plugin
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.3
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.2
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.1
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.0
NA
CVE-2013-3264
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote malicious users to modify list or campaign data.
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.3
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.2
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.1
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.0
Smackcoders Wp Ultimate Email Marketer Plugin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »