Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

azzaroco

Source -

CNAADP

BOS Name -

N/A

CNA CVEs -

13

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
13Vulnerabilities found
CVE-2026-25357
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.27%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7.

Action-Not Available
Vendor-azzaroco
Product-Ultimate Membership Pro
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-28113
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.43%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:54
Updated-28 Apr, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.1.

Action-Not Available
Vendor-azzaroco
Product-Ultimate Learning Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-64251
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.03% / 10.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.

Action-Not Available
Vendor-azzaroco
Product-Ultimate Learning Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-13846
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.9||MEDIUM
EPSS-0.11% / 28.70%
||
7 Day CHG~0.00%
Published-21 Feb, 2025 | 11:09
Updated-08 Apr, 2026 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Indeed Ultimate Learning Pro <= 3.9 - Authenticated (Administrator+) SQL Injection via post_id Parameter

The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-wpindeedazzaroco
Product-ultimate_learning_proIndeed Ultimate Learning Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56069
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.29%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:12
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Reflected XSS.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Action-Not Available
Vendor-azzaroco
Product-WP SuperBackup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56070
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.4||HIGH
EPSS-0.09% / 25.19%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 13:35
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilities

Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Action-Not Available
Vendor-azzaroco
Product-WP SuperBackup
CWE ID-CWE-862
Missing Authorization
CVE-2024-56064
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-58.46% / 98.24%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:54
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Action-Not Available
Vendor-azzaroco
Product-WP SuperBackup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56068
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:51
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Action-Not Available
Vendor-azzaroco
Product-WP SuperBackup
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-56067
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-65.07% / 98.50%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:48
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability

Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Action-Not Available
Vendor-azzaroco
Product-WP SuperBackup
CWE ID-CWE-862
Missing Authorization
CVE-2024-9290
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-67.65% / 98.60%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 09:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-azzaroco
Product-Super Backup & Clone - Migrate for WordPress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43242
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9||CRITICAL
EPSS-0.56% / 68.70%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:09
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.

Action-Not Available
Vendor-wpindeedazzarocoazzaroco
Product-ultimate_membership_proUltimate Membership Proultimate_membership_pro
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-43240
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.4||CRITICAL
EPSS-0.54% / 68.06%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:07
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated Privilege Escalation vulnerability

Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.

Action-Not Available
Vendor-wpindeedazzarocowpindeed
Product-ultimate_membership_proUltimate Membership Proultimate_membership_pro
CWE ID-CWE-287
Improper Authentication
CVE-2024-43241
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:27
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.

Action-Not Available
Vendor-azzaroco
Product-Ultimate Membership Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')