CVE-2025-47691

MEDIUM Year: 2025
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3.

Related Vulnerabilities

CVE-2021-25393

MEDIUM
CVSS:5.5(Medium)

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

CWE-942021

CVE-2021-25415

MEDIUM
CVSS:5.5(Medium)

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.

CWE-942021

CVE-2022-33721

MEDIUM
CVSS:5.5(Medium)

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.

CWE-942022

CVE-2024-29409

MEDIUM
CVSS:5.5(Medium)

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.

CWE-942024

CVE-2024-55504

MEDIUM
CVSS:5.5(Medium)

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the...

CWE-942024