Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-9500
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
Exquisite Ultimate Newspaper Project Exquisite Ultimate Newspaper 1.3.3
7.5
CVSSv2
CVE-2002-1820
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote malicious user to impersonate the administrator by registering an account name of admin with a lower case "a."
Ultimate Php Board Project Ultimate Php Board 1.0
4.3
CVSSv2
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin up to and including 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer
5.4
CVSSv2
CVE-2014-6737
The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Ultimate Target-armored Sniper Project Ultimate Target-armored Sniper 1.0.1
7.5
CVSSv2
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin prior to 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Nex-forms - Ultimate Form Builder Project Nex-forms - Ultimate Form Builder
NA
CVE-2023-23832
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions.
Ultimate Wp Query Search Filter Project Ultimate Wp Query Search Filter
NA
CVE-2023-30474
Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions.
Ultimate Noindex Nofollow Tool Ii Project Ultimate Noindex Nofollow Tool Ii
3.5
CVSSv2
CVE-2021-24525
The Shortcodes Ultimate WordPress plugin prior to 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attribut...
Getshortcodes Shortcodes Ultimate
7.5
CVSSv2
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
6.8
CVSSv2
CVE-2017-2886
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this ...
Acdsee Ultimate 10.0.0.292
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »