Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember ultimate member vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-14945
The ultimate-member plugin prior to 2.0.54 for WordPress has XSS.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2019-14946
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
4.3
CVSSv3
CVE-2019-10271
An issue exists in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privil...
Ultimatemember Ultimate Member
9.8
CVSSv3
CVE-2020-36155
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During t...
Ultimatemember Ultimate Member
8.8
CVSSv3
CVE-2023-31216
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin prior to 2.0.18 for WordPress has XSS via the wp-admin settings screen.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-6944
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Ultimatemember Ultimate Member 2.0
4.3
CVSSv3
CVE-2018-0587
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
Ultimatemember User Profile & Membership
4.3
CVSSv3
CVE-2018-0590
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to bypass access restriction to modify the other users profiles via unspecified vectors.
Ultimatemember User Profile & Membership
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »