30 matches found
WordPress Users Ultra Plugin 1.5.50 - Blind SQL injection
Because of this vulnerability, an attacker can change tag, type, description, photo or video name, category or unique id by setting POST parameters, such as "photodesc", "phototags" or "photo name", "videotype", "videoname", etc. Solution Update the plugin...
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
Exploit Title: WordPress Users Ultra Plugin Blind SQL injection Discovery Date: 2015/10/19 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...
WordPress Users Ultra Plugin 1.5.50 - Unrestricted File Upload
Because of this vulnerability, there is no sanitization for values in CSV file this file is accessible by anyone, all additional columns are in this file. In this way, an attacker can create and activate user accounts and compromise the whole site. Solution Upgrade the plugin...
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
WordPress Users Ultra 1.5.50 Unrestricted File Upload Vulnerability
WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability. Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact:...
Sql injection
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 datatarget or 2 datavote parameter in a ratingvote wpajaxnoprivratingvote action to wp-admin/admin-ajax.php...
CVE-2015-4109
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 datatarget or 2 datavote parameter in a ratingvote wpajaxnoprivratingvote action to wp-admin/admin-ajax.php...
CVE-2015-4109
The CVE-2015-4109 entry relates to the WordPress plugin Users Ultra (Ratings module) where SQL injection is possible via the rating_vote AJAX action. Affected versions are prior to 1.5.16, with the vulnerability triggered by unsafely filtered data_target and data_vote parameters sent to wp-admin/...
CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]
Exploit Title: CVE-2015-4109 - WordPress Users Ultra Plugin SQL injection Date: 2015/05/30 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/ Version: 1.5.15 Tested on: WordPre...