30 matches found
CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...
EUVD-2015-9242
Malware in sbrugna...
EUVD-2015-4134
Malware in sbrugna...
EUVD-2015-9232
Malware in sbrugna...
EUVD-2015-9233
Malware in sbrugna...
EUVD-2015-9235
Malware in sbrugna...
CVE-2015-9392
The users-ultra plugin before 1.5.63 for WordPress has XSS via the pname parameter...
CVE-2015-9402
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload...
CVE-2015-9394
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=packageaddnew to wp-admin/admin-ajax.php...
WordPress plugin Users Ultra SQL injection vulnerability
WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress plugin Users Ultra has a SQL injection vulnerability, which stems from the failure to properly sanitize and escape the datatarget...
Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
The plugin fails to properly sanitize and escape the datatarget parameter before it is interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection. PoC curl...
CVE-2015-9402
The CVE-2015-9402 entry concerns the WordPress plugin Users Ultra (and related variants) prior to version 1.5.59, where the uultra-form-cvs-form-conf component allows arbitrary file upload. This is documented across multiple connected records (NVD, RH/Red Hat, CVE lists, and WPVulndb), consistent...
CVE-2015-9395
The CVE-2015-9395 entry concerns the WordPress Users Ultra plugin (before version 1.5.64). The vulnerability is an SQL Injection via an AJAX action in this plugin. Public sources (NVD) report high impact with CVSS v3.1 metrics: Network attack vector, no user interaction, privileges required Low, ...
CVE-2015-9394
The CVE concerns the WordPress plugin Users Ultra Membership (plugin) before 1.5.63. A CSRF vulnerability exists via action=package_add_new to wp-admin/admin-ajax.php, enabling an attacker to perform actions on behalf of authenticated users. Exploitation details are not provided beyond the CSRF d...
CVE-2015-9393
CVE-2015-9393 affects the WordPress Users Ultra plugin prior to 1.5.63, where the p_desc parameter is vulnerable to cross-site scripting (XSS). The vulnerability is confirmed across multiple sources (NVD entry and Red Hat, with WPVulndb/PRION and CVE lists reiterating the same issue). Impact rang...
WordPress Users Ultra Plugin 1.5.50 - Blind SQL Injection
The file xooclasses/xoo.userultra.photos.php in the users-ultra plugin contains the following code: public function editvideoconfirm global $wpdb, $xoouserultra; requireonceABSPATH . 'wp-includes/formatting.php'; $userid = getcurrentuserid; $videoid = $POST"videoid"; //videoid is taken directly from POST $videoname = sanitizetextfield$POST"videoname";...
WordPress Users Ultra Plugin 1.5.50 - Persistent Cross-Site Scripting
No description provided by source...
WordPress Users Ultra Plugin 1.5.50 - Persistent XSS
Because of this vulnerability, an attacker can include JavaScript code in package name or description. Solution: Upgrade the plugin...
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
Exploit Title: WordPress Users Ultra Plugin Blind SQL injection Discovery Date: 2015/10/19 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...