Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate member vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2019-10673
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin prior to 2.0.40 for WordPress allows malicious users to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can cha...
Ultimatemember Ultimate Member
NA
CVE-2023-3460
The Ultimate Member WordPress plugin prior to 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing malicious users to create administrator accounts at will. This is actively being exploited in the wild.
Ultimatemember Ultimate Member
9 Github repositories
356
VMScore
CVE-2019-10270
An arbitrary password reset issue exists in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to k...
Ultimatemember Ultimate Member
445
VMScore
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
668
VMScore
CVE-2020-36155
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During t...
Ultimatemember Ultimate Member
NA
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges ...
Ultimatemember Ultimate Member
312
VMScore
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
312
VMScore
CVE-2022-1209
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for malicious users to redirect unsuspecting victims in versions up to, and including, 2...
Ultimatemember Ultimate Member
312
VMScore
CVE-2019-14945
The ultimate-member plugin prior to 2.0.54 for WordPress has XSS.
Ultimatemember Ultimate Member
312
VMScore
CVE-2019-14946
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
Ultimatemember Ultimate Member
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »