WordPress插件Users Ultra SQL注入漏洞

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Users Ultra has a SQL injection vulnerability, which stems from the inability to properly clean and escape the datatarget...

CVE-2022-0769

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

CVE-2022-0769

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

Sql injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

CVE-2022-0769

Summary (concrete details from connected docs): CVE-2022-0769 affects the WordPress plugin Users Ultra up to version 3.1.0 . The vulnerability stems from improper sanitization/escaping of the data_target parameter before it is interpolated into an SQL statement, which is then executed via the rat...

CVE-2022-0769 Users Ultra <= 3.1.0 - Unauthenticated SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

WordPress Users Ultra plugin <= 3.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Users Ultra plugin versions = 3.1.0. Solution Deactivate and delete. This plugin has been closed as of March 14, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting

WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...

WordPress Users Ultra 1.5.50 Cross Site Scripting

Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...

WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload

Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...

Users Ultra <= 1.4.35 - SQL Injection

The AJAX action ‘editphotocate’, which is defined in the file ‘users-ultra/addons/photocategories/admin/admin.php’, allows for SQL Injection via the POST parameter ‘cateid’. This parameter is used in a call to the WordPress function ‘$wpdb-getresults’ without being sanitized. This action is...

WordPress Users Ultra Plugin <= 1.3.37 - SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution Update the plugin...