Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 12 known issues Latest disclosed Apr 13, 2022

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin Vulnerabilities

Q: How many Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin vulnerabilities have patch guidance?

12 of 12 tracked Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin records include a published patch path.

Review known vulnerability records for the WordPress plugin Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin (`users-ultra`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2022-0769, CVE-2015-9392 and CVE-2015-9394, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jan 22, 2024

Priority CVE Quick Links

Fast paths into Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2022-0769 Critical No patch listed

CVE-2022-0769 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin SQL Injection

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection

CVE-2015-4109 Critical 1.5.16

CVE-2015-4109 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin SQL Injection

Users Ultra <= 1.5.15 - Multiple SQL Injection

CVE-2015-9394 High 1.5.63

CVE-2015-9394 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin Cross-Site Request Forgery

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Request Forgery

CVE-2015-9395 High 1.5.64

CVE-2015-9395 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin SQL Injection

Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection

CVE-2015-9402 High 1.5.59

CVE-2015-9402 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin Arbitrary File Upload

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.5.58 - Arbitrary File Upload

CVE-2015-9393 Medium 1.5.63

CVE-2015-9393 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin Cross-Site Scripting

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting

CVE-2015-9392 Medium 1.5.63

CVE-2015-9392 Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin Cross-Site Scripting

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting via p_name parameter

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

12 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

4 critical and 6 high severity findings.

Recent CVEs

CVE-2022-0769, CVE-2015-9392 and CVE-2015-9394

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2022-0769 Critical No patch listed

CVE-2022-0769: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the r...

Published

Apr 13, 2022

Patch Status

Not published

Open CVE-2022-0769 Report

CVE-2015-9392 Medium Patch path listed

CVE-2015-9392: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting via p_name parameter

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.

Published

Dec 02, 2015

Patch Status

1.5.63

Open CVE-2015-9392 Report

CVE-2015-9394 High Patch path listed

CVE-2015-9394: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Request Forgery

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Published

Dec 02, 2015

Patch Status

1.5.63

Open CVE-2015-9394 Report

Known Vulnerabilities

Reports for Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin

Sorted by latest disclosure date so newly published issues surface first.

Plugin Critical Patched: No CVE-2022-0769

CVE-2022-0769: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leadin...

Published

Apr 13, 2022

Patched Release

Not published

Affected Versions

Versions up to 3.1.0

Next Step

Open the full report for remediation notes and references.

Open CVE-2022-0769 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2015-9392

CVE-2015-9392: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting via p_name parameter

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.

Published

Dec 02, 2015

Patched Release

1.5.63

Affected Versions

Versions before 1.5.63

Next Step

Update to 1.5.63 or newer if supported.

Open CVE-2015-9392 Report Open CVE Reference

Plugin High Patched: Yes CVE-2015-9394

CVE-2015-9394: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Request Forgery

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Published

Dec 02, 2015

Patched Release

1.5.63

Affected Versions

Versions before 1.5.63

Next Step

Update to 1.5.63 or newer if supported.

Open CVE-2015-9394 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2015-9393

CVE-2015-9393: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.

Published

Dec 02, 2015

Patched Release

1.5.63

Affected Versions

Versions before 1.5.63

Next Step

Update to 1.5.63 or newer if supported.

Open CVE-2015-9393 Report Open CVE Reference

Plugin High Patched: Yes CVE-2015-9395

CVE-2015-9395: Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via ajax actions, by exploiting following WP ajax actions SQL injections attacks can be performed: `edit_video`, `delete_photo`, `delete_gallery`, `delete_video`, `reload_photos`, `edit_gallery`, `edit_gallery_c...

Published

Dec 01, 2015

Patched Release

1.5.64

Affected Versions

Versions before 1.5.64

Next Step

Update to 1.5.64 or newer if supported.

Open CVE-2015-9395 Report Open CVE Reference

Plugin High Patched: Yes CVE-2015-9402

CVE-2015-9402: Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.5.58 - Arbitrary File Upload

The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.

Published

Nov 17, 2015

Patched Release

1.5.59

Affected Versions

Versions before 1.5.59

Next Step

Update to 1.5.59 or newer if supported.

Open CVE-2015-9402 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2015-4109

CVE-2015-4109: Users Ultra <= 1.5.15 - Multiple SQL Injection

Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to w...

Published

Jun 04, 2015

Patched Release

1.5.16

Affected Versions

Versions up to 1.5.15

Next Step

Update to 1.5.16 or newer if supported.

Open CVE-2015-4109 Report Open CVE Reference

Plugin High Patched: Yes

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.4.95 - SQL Injection

The "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin" plugin for WordPress is vulnerable to SQL Injection via the ‘$gal_id’ parameter in versions up to, and including, 1.4.95 due to insufficient escaping on the user supplied parameter an...

Published

Apr 17, 2015

Patched Release

1.4.96

Affected Versions

Versions up to 1.4.95

Next Step

Update to 1.4.96 or newer if supported.

Open Full Report

Plugin High Patched: Yes

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.4.36 - SQL Injection

The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin for WordPress is vulnerable to generic SQL Injection via the ‘cate_id’ parameter in versions up to, and including, 1.4.35 due to insufficient escaping on the user supplied parameter and...

Published

Feb 09, 2015

Patched Release

1.4.36

Affected Versions

Versions before 1.4.36

Next Step

Update to 1.4.36 or newer if supported.

Open Full Report

Plugin Critical Patched: Yes

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection

The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.58 due to insufficient escaping on the user-supplied $id parameter and lack of sufficient prepa...

Published

Oct 22, 2014

Patched Release

1.3.59

Affected Versions

Versions up to 1.3.58

Next Step

Update to 1.3.59 or newer if supported.

Open Full Report

Plugin Critical Patched: Yes

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection

Published

Oct 22, 2014

Patched Release

1.3.59

Affected Versions

Versions up to 1.3.58

Next Step

Update to 1.3.59 or newer if supported.

Open Full Report

Plugin High Patched: No

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - SQL Injection

The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparatio...

Published

Sep 29, 2014

Patched Release

Not published

Affected Versions

Versions up to 3.1.0

Next Step

Open the full report for remediation notes and references.

Open Full Report