Lucene search
+L
UsersultraUsers Ultra Membership

5 matches found

CVE
CVE
added 2019/09/20 3:3 p.m.226 views

CVE-2015-9394

The CVE concerns the WordPress plugin Users Ultra Membership (plugin) before 1.5.63. A CSRF vulnerability exists via action=package_add_new to wp-admin/admin-ajax.php, enabling an attacker to perform actions on behalf of authenticated users. Exploitation details are not provided beyond the CSRF d...

8.8CVSS8.7AI score0.00671EPSS
Web
CVE
CVE
added 2019/09/20 3:12 p.m.224 views

CVE-2015-9402

The CVE-2015-9402 entry concerns the WordPress plugin Users Ultra (and related variants) prior to version 1.5.59, where the uultra-form-cvs-form-conf component allows arbitrary file upload. This is documented across multiple connected records (NVD, RH/Red Hat, CVE lists, and WPVulndb), consistent...

8.8CVSS8.7AI score0.01965EPSS
CVE
CVE
added 2019/09/20 3:1 p.m.217 views

CVE-2015-9392

The CVE-2015-9392 case affects the WordPress plugin Users Ultra before version 1.5.63 , where processing of the parameter p_name enables a cross-site scripting (XSS ) vulnerability. This is reported as an XSS issue in multiple sources (NVD description mentions XSS via p_name; related records refe...

5.4CVSS5.3AI score0.01173EPSS
CVE
CVE
added 2019/09/20 3:2 p.m.216 views

CVE-2015-9393

CVE-2015-9393 affects the WordPress Users Ultra plugin prior to 1.5.63, where the p_desc parameter is vulnerable to cross-site scripting (XSS). The vulnerability is confirmed across multiple sources (NVD entry and Red Hat, with WPVulndb/PRION and CVE lists reiterating the same issue). Impact rang...

5.4CVSS5.3AI score0.00709EPSS
CVE
CVE
added 2019/09/20 3:4 p.m.122 views

CVE-2015-9395

The CVE-2015-9395 entry concerns the WordPress Users Ultra plugin (before version 1.5.64). The vulnerability is an SQL Injection via an AJAX action in this plugin. Public sources (NVD) report high impact with CVSS v3.1 metrics: Network attack vector, no user interaction, privileges required Low, ...

8.8CVSS9.2AI score0.01735EPSS