← Back

Users Ultra Membership

users_ultra_membership

Vendor: Usersultra • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-9402
1Usersultra
1Users Ultra Membership
Nov 21, 2024
Sep 20, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
CVE-2015-9395
1Usersultra
1Users Ultra Membership
Nov 21, 2024
Sep 20, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
CVE-2015-9394
1Usersultra
1Users Ultra Membership
Nov 21, 2024
Sep 20, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
CVE-2015-9393
1Usersultra
1Users Ultra Membership
Nov 21, 2024
Sep 20, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.
CVE-2015-9392
1Usersultra
1Users Ultra Membership
Nov 21, 2024
Sep 20, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.