Arbitrary File Upload Vulnerability in Users Ultra Plugin for WordPress
CVE-2015-9402

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Users Ultra Membership
Vendor: CVE Published:; 20 September 2019

What is CVE-2015-9402?

The Users Ultra plugin for WordPress, prior to version 1.5.59, contains a vulnerability that allows for arbitrary file uploads through the 'uultra-form-cvs-form-conf' feature. This weakness can enable attackers to upload malicious files to the server, potentially leading to various security risks, including unauthorized access, data breach, or even complete takeover of the affected site. Website owners using this plugin are urged to update to the latest version to mitigate associated security risks.