← Back

Users Ultra

users_ultra

Vendor: Usersultra • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0769
1Usersultra
1Users Ultra
Nov 21, 2024
Apr 25, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (availa...Show more
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.Show less