CVE-2015-9394

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=packageaddnew to wp-admin/admin-ajax.php...

WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection

Exploit Title: WordPress Users Ultra Plugin Blind SQL injection Discovery Date: 2015/10/19 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...