Vulnerabilities > Usersultra > Users Ultra Membership
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-20 | CVE-2015-9402 | Unrestricted Upload of File with Dangerous Type vulnerability in Usersultra Users Ultra Membership The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | 6.8 |
| 2019-09-20 | CVE-2015-9395 | SQL Injection vulnerability in Usersultra Users Ultra Membership 1.5.59/1.5.63 The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | 6.5 |
| 2019-09-20 | CVE-2015-9394 | Cross-Site Request Forgery (CSRF) vulnerability in Usersultra Users Ultra Membership 1.5.59 The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | 6.8 |
| 2019-09-20 | CVE-2015-9393 | Cross-site Scripting vulnerability in Usersultra Users Ultra Membership 1.5.59 The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | 3.5 |
| 2019-09-20 | CVE-2015-9392 | Cross-site Scripting vulnerability in Usersultra Users Ultra Membership 1.5.59 The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | 3.5 |