Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2002-1820
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote malicious user to impersonate the administrator by registering an account name of admin with a lower case "a."
Ultimate Php Board Project Ultimate Php Board 1.0
6.1
CVSSv3
CVE-2015-9500
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
Exquisite Ultimate Newspaper Project Exquisite Ultimate Newspaper 1.3.3
6.1
CVSSv3
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin up to and including 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer
NA
CVE-2014-6737
The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Ultimate Target-armored Sniper Project Ultimate Target-armored Sniper 1.0.1
9.8
CVSSv3
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin prior to 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Nex-forms - Ultimate Form Builder Project Nex-forms - Ultimate Form Builder
8.8
CVSSv3
CVE-2023-30474
Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions.
Ultimate Noindex Nofollow Tool Ii Project Ultimate Noindex Nofollow Tool Ii
5.4
CVSSv3
CVE-2023-23832
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions.
Ultimate Wp Query Search Filter Project Ultimate Wp Query Search Filter
9.8
CVSSv3
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2023-5667
The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...
Themepoints Tab Ultimate
5.7
CVSSv3
CVE-2021-24968
The Ultimate FAQ WordPress plugin prior to 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FA...
Etoilewebdesign Ultimate Faq
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »