Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-10234
Authenticated Cross site Scripting exists in the User Profile & Membership plugin prior to 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page.
Ultimatemember User Profile \\& Membership
4
CVSSv2
CVE-2018-0587
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
Ultimatemember User Profile \\& Membership
4
CVSSv2
CVE-2018-0586
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Ultimatemember User Profile \\& Membership
6.4
CVSSv2
CVE-2018-0588
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to read arbitrary files via unspecified vectors.
Ultimatemember User Profile \\& Membership
4
CVSSv2
CVE-2018-0589
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
Ultimatemember User Profile \\& Membership
4
CVSSv2
CVE-2018-0590
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to bypass access restriction to modify the other users profiles via unspecified vectors.
Ultimatemember User Profile \\& Membership
4.3
CVSSv2
CVE-2018-6944
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Ultimatemember Ultimate Member 2.0
6.8
CVSSv2
CVE-2018-10233
The User Profile & Membership plugin prior to 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
Ultimatemember User Profile \\& Membership
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4