WordPress Plugin Vulnerabilities

Users Ultra <= 1.4.35 - SQL Injection

Description

The AJAX action ‘edit_photo_cate’, which is defined in the file ‘users-ultra/addons/photocategories/admin/admin.php’, allows for SQL Injection via the POST parameter ‘cate_id’. This parameter is used in a call to the WordPress function ‘$wpdb->get_results()’ without being sanitized. This action is available to any logged in user.

Affects Plugins

Plugin icon
users-ultra
Fixed in 1.4.36

References

URL
https://g0blin.co.uk/g0blin-00030/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
James Hooker
Submitter website
https://research.g0blin.co.uk
Submitter twitter
g0blinResearch
Verified
No
WPVDB ID
cc7f1ee1-063d-4d1f-a8fa-700673c7fac5

Timeline

Publicly Published
2015-02-09 (about 11 years ago)
Added
2015-02-09 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-03-20
Title
Product Rearrange for WooCommerce <= 1.2.2 - Unauthenticated SQL Injection
Published
2025-07-04
Title
iFrame Images Gallery <= 9.0 - Authenticated (Contributor+) SQL Injection
Published
2023-12-05
Title
Sayfa Sayaç <= 2.6 - Unauthenticated SQL Injection
Published
2023-11-20
Title
EazyDocs < 2.3.4 - Subscriber + SQLi
Published
2025-02-21
Title
Doctor Appointment Booking <= 1.0.0 - Authenticated (Subscriber+) SQL Injection