Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember ultimate member vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2015-8354
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin prior to 1.3.29 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-20965
The ultimate-member plugin prior to 2.0.4 for WordPress has XSS.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin prior to 2.0.18 for WordPress has XSS via the wp-admin settings screen.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-17866
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin prior to 2.0.28 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the "Prim...
Ultimatemember Ultimate Member
8.8
CVSSv3
CVE-2019-10673
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin prior to 2.0.40 for WordPress allows malicious users to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can cha...
Ultimatemember Ultimate Member
8.8
CVSSv3
CVE-2019-10270
An arbitrary password reset issue exists in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to k...
Ultimatemember Ultimate Member
4.3
CVSSv3
CVE-2019-10271
An issue exists in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privil...
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin prior to 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected...
Ultimatemember Ultimate Member
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »