WordPress Plugin Vulnerabilities

Users Ultra Membership Plugin <= 1.5.62 - Authenticated Stored Cross-Site Scripting (XSS) & CSRF

Description

Both p_name and p_desc are vulnerable. No nonce on form so also vulnerable to CSRF. Original researcher's PoC does not work as all parameters are needed to be submitted not just the p_name parameter.

Affects Plugins

Plugin icon
users-ultra
Fixed in 1.5.63

References

CVE
CVE-2015-9394
CVE
CVE-2015-9393
CVE
CVE-2015-9392
URL
https://seclists.org/bugtraq/2015/Dec/13

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
299e5a22-344a-4028-ac60-e04cf1f49676

Timeline

Publicly Published
2015-12-02 (about 10 years ago)
Added
2015-12-09 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-09-26
Title
Appointment Booking Calendar < 1.1.8 - Multiple Reflected Cross-Site Scripting (XSS) and SQL Injection
Published
2015-08-31
Title
Thumbnail Carousel Slider < 1.0.1 - Authenticated Shell Upload & CSRF
Published
2015-01-16
Title
CM Download Manager < 2.0.7 - CSRF to Cross-Site Scripting
Published
2019-09-08
Title
Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS
Published
2016-01-19
Title
Download Manager <= 2.8.7 - Multiple Vulnerabilities