Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-3966
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to p...
Ultimatemember Ultimate Member
6.5
CVSSv3
CVE-2023-23800
Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a up to and including 5.12.6.
Getshortcodes Shortcodes Ultimate
6.1
CVSSv3
CVE-2018-20965
The ultimate-member plugin prior to 2.0.4 for WordPress has XSS.
Ultimatemember Ultimate Member
7.5
CVSSv3
CVE-2019-17232
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows unauthenticated options import.
Etoilewebdesign Ultimate Faq
6.1
CVSSv3
CVE-2019-17233
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin up to and including 1.8.24 for WordPress allows HTML content injection.
Etoilewebdesign Ultimate Faq
7.8
CVSSv3
CVE-2017-2886
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this ...
Acdsee Ultimate 10.0.0.292
6.1
CVSSv3
CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin prior to 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Supsystic Ultimate Maps
8.8
CVSSv3
CVE-2023-34207
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and previous versions allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafte...
Easyuse Mailhunter Ultimate
6.5
CVSSv3
CVE-2023-34208
Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and previous versions allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.
Easyuse Mailhunter Ultimate
4.3
CVSSv3
CVE-2023-34209
Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and previous versions allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.
Easyuse Mailhunter Ultimate
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »