Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-6943
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Ultimatemember Ultimatemember 2.0
3.5
CVSSv2
CVE-2021-39329
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitra...
Ultimatemember Jobboardwp
NA
CVE-2022-4061
The JobBoardWP WordPress plugin prior to 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
Ultimatemember Jobboardwp
3 Github repositories
3.5
CVSSv2
CVE-2019-14946
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
Ultimatemember Ultimate Member
4.3
CVSSv2
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin prior to 2.0.18 for WordPress has XSS via the wp-admin settings screen.
Ultimatemember Ultimate Member
3.5
CVSSv2
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
3.5
CVSSv2
CVE-2022-1209
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for malicious users to redirect unsuspecting victims in versions up to, and including, 2...
Ultimatemember Ultimate Member
NA
CVE-2022-3966
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to p...
Ultimatemember Ultimate Member
NA
CVE-2023-31216
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Ultimatemember Ultimate Member
3.5
CVSSv2
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ultimatemember Ultimate Member
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »