Lucene search
+L

30 matches found

Patchstack
Patchstack
added 2015/12/03 12:0 a.m.10 views

WordPress Users Ultra Plugin 1.5.50 - Blind SQL injection

Because of this vulnerability, an attacker can change tag, type, description, photo or video name, category or unique id by setting POST parameters, such as "photodesc", "phototags" or "photo name", "videotype", "videoname", etc. Solution Update the plugin...

2.8AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2015/12/03 12:0 a.m.35 views

WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection

Exploit Title: WordPress Users Ultra Plugin Blind SQL injection Discovery Date: 2015/10/19 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/03 12:0 a.m.22 views

WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting

Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2015/11/18 12:0 a.m.12 views

WordPress Users Ultra Plugin 1.5.50 - Unrestricted File Upload

Because of this vulnerability, there is no sanitization for values in CSV file this file is accessible by anyone, all additional columns are in this file. In this way, an attacker can create and activate user accounts and compromise the whole site. Solution Upgrade the plugin...

4.6AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2015/11/18 12:0 a.m.21 views

WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload

WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...

7.3AI score
Exploits0
0day.today
0day.today
added 2015/11/18 12:0 a.m.26 views

WordPress Users Ultra 1.5.50 Unrestricted File Upload Vulnerability

WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability. Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact:...

7.2AI score
Exploits0
Prion
Prion
added 2015/06/09 2:59 p.m.21 views

Sql injection

Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 datatarget or 2 datavote parameter in a ratingvote wpajaxnoprivratingvote action to wp-admin/admin-ajax.php...

7.5CVSS9.3AI score0.02364EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2015/06/09 2:0 p.m.32 views

CVE-2015-4109

Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 datatarget or 2 datavote parameter in a ratingvote wpajaxnoprivratingvote action to wp-admin/admin-ajax.php...

8.5AI score0.02364EPSS
Exploits2References4
CVE
CVE
added 2015/06/09 2:0 p.m.64 views

CVE-2015-4109

The CVE-2015-4109 entry relates to the WordPress plugin Users Ultra (Ratings module) where SQL injection is possible via the rating_vote AJAX action. Affected versions are prior to 1.5.16, with the vulnerability triggered by unsafely filtered data_target and data_vote parameters sent to wp-admin/...

7.5CVSS8.8AI score0.02364EPSS
Exploits2References4Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.56 views

CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]

Exploit Title: CVE-2015-4109 - WordPress Users Ultra Plugin SQL injection Date: 2015/05/30 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/ Version: 1.5.15 Tested on: WordPre...

7.5CVSS1.5AI score0.02364EPSS
Exploits2
Rows per page
Query Builder