Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34208
Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and previous versions allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.
Easyuse Mailhunter Ultimate
NA
CVE-2023-34209
Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and previous versions allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.
Easyuse Mailhunter Ultimate
NA
CVE-2023-34210
SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.
Easyuse Mailhunter Ultimate
5
CVSSv2
CVE-2019-17232
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows unauthenticated options import.
Etoilewebdesign Ultimate Faq
4.3
CVSSv2
CVE-2019-17233
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows HTML content injection.
Etoilewebdesign Ultimate Faq
NA
CVE-2023-50828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/...
Davidvongries Ultimate Dashboard
NA
CVE-2023-5667
The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...
Themepoints Tab Ultimate
7.5
CVSSv2
CVE-2020-36157
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role param...
Ultimatemember Ultimate Member
5
CVSSv2
CVE-2020-36170
The Ultimate Member plugin prior to 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
Ultimatemember Ultimate Member
4.3
CVSSv2
CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin prior to 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Supsystic Ultimate Maps
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »