5 matches found
CVE-2015-9394
The CVE concerns the WordPress plugin Users Ultra Membership (plugin) before 1.5.63. A CSRF vulnerability exists via action=package_add_new to wp-admin/admin-ajax.php, enabling an attacker to perform actions on behalf of authenticated users. Exploitation details are not provided beyond the CSRF d...
CVE-2015-9402
The CVE-2015-9402 entry concerns the WordPress plugin Users Ultra (and related variants) prior to version 1.5.59, where the uultra-form-cvs-form-conf component allows arbitrary file upload. This is documented across multiple connected records (NVD, RH/Red Hat, CVE lists, and WPVulndb), consistent...
CVE-2015-9392
The CVE-2015-9392 case affects the WordPress plugin Users Ultra before version 1.5.63 , where processing of the parameter p_name enables a cross-site scripting (XSS ) vulnerability. This is reported as an XSS issue in multiple sources (NVD description mentions XSS via p_name; related records refe...
CVE-2015-9393
CVE-2015-9393 affects the WordPress Users Ultra plugin prior to 1.5.63, where the p_desc parameter is vulnerable to cross-site scripting (XSS). The vulnerability is confirmed across multiple sources (NVD entry and Red Hat, with WPVulndb/PRION and CVE lists reiterating the same issue). Impact rang...
CVE-2015-9395
The CVE-2015-9395 entry concerns the WordPress Users Ultra plugin (before version 1.5.64). The vulnerability is an SQL Injection via an AJAX action in this plugin. Public sources (NVD) report high impact with CVSS v3.1 metrics: Network attack vector, no user interaction, privileges required Low, ...