Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2017-9625
An Improper Authentication issue exists in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an malicious user to view information and modify settings or execute code remotely.
Envitech Envidas Ultimate
6.5
CVSSv3
CVE-2023-0890
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber t...
Getshortcodes Shortcodes Ultimate
6.5
CVSSv3
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as...
Getshortcodes Shortcodes Ultimate
NA
CVE-2009-3601
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote malicious users to inject arbitrary web script or HTML via the clr parameter in a vote action.
Scriptsez Ultimate Poll
1 EDB exploit
8.8
CVSSv3
CVE-2019-10270
An arbitrary password reset issue exists in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to k...
Ultimatemember Ultimate Member
4.3
CVSSv3
CVE-2019-10271
An issue exists in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privil...
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2020-7107
The Ultimate FAQ plugin prior to 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
Etoilewebdesign Ultimate Faq
9.8
CVSSv3
CVE-2022-35223
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote malicious user to execu...
Easyuse Mailhunter Ultimate
4.3
CVSSv3
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges ...
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin prior to 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected...
Ultimatemember Ultimate Member
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »