Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember ultimate member vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-36157
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role param...
Ultimatemember Ultimate Member
445
VMScore
CVE-2020-36170
The Ultimate Member plugin prior to 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
Ultimatemember Ultimate Member
NA
CVE-2022-3383
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticate...
Ultimatemember Ultimate Member
383
VMScore
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin prior to 2.0.18 for WordPress has XSS via the wp-admin settings screen.
Ultimatemember Ultimate Member
NA
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges ...
Ultimatemember Ultimate Member
383
VMScore
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
312
VMScore
CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin prior to 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected...
Ultimatemember Ultimate Member
383
VMScore
CVE-2018-6944
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Ultimatemember Ultimate Member 2.0
356
VMScore
CVE-2018-0587
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
Ultimatemember User Profile \\& Membership
356
VMScore
CVE-2018-0590
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to bypass access restriction to modify the other users profiles via unspecified vectors.
Ultimatemember User Profile \\& Membership
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »