Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-34210
SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.
Easyuse Mailhunter Ultimate
9.8
CVSSv3
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
6.1
CVSSv3
CVE-2015-8354
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin prior to 1.3.29 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
Ultimatemember Ultimate Member
NA
CVE-2006-3153
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the cat parameter.
Thinkfactory Ultimate Estate
NA
CVE-2006-3155
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) u...
Thinkfactory Ultimate Estate
6.1
CVSSv3
CVE-2019-15643
The ultimate-faqs plugin prior to 1.8.22 for WordPress has XSS.
Etoilewebdesign Ultimate Faq
8.8
CVSSv3
CVE-2018-20968
The wp-ultimate-exporter plugin prior to 1.4.2 for WordPress has CSRF.
Smackcoders Ultimate Exporter
6.1
CVSSv3
CVE-2015-9304
The ultimate-member plugin prior to 1.3.18 for WordPress has XSS via text input.
Ultimatemember Ultimate Member
5.3
CVSSv3
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2022-36357
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilon ULTIMATE TABLES plugin <= 1.6.5 versions.
Webpsilon Ultimate Tables
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »