Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate member vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-3383
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticate...
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2019-14945
The ultimate-member plugin prior to 2.0.54 for WordPress has XSS.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2019-14947
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS during an account upgrade.
Ultimatemember Ultimate Member
9.8
CVSSv3
CVE-2020-36157
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role param...
Ultimatemember Ultimate Member
5.3
CVSSv3
CVE-2020-36170
The Ultimate Member plugin prior to 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2019-14946
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
5.3
CVSSv3
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
7.2
CVSSv3
CVE-2022-3384
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP func...
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin prior to 2.0.18 for WordPress has XSS via the wp-admin settings screen.
Ultimatemember Ultimate Member
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »