Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-7107
The Ultimate FAQ plugin prior to 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
Etoilewebdesign Ultimate Faq
5
CVSSv2
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
3.5
CVSSv2
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ultimatemember Ultimate Member
NA
CVE-2023-4726
The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-...
Davidvongries Ultimate Dashboard
4.3
CVSSv2
CVE-2015-9304
The ultimate-member plugin prior to 1.3.18 for WordPress has XSS via text input.
Ultimatemember Ultimate Member
4.3
CVSSv2
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
4
CVSSv2
CVE-2019-10270
An arbitrary password reset issue exists in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to k...
Ultimatemember Ultimate Member
4
CVSSv2
CVE-2019-10271
An issue exists in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privil...
Ultimatemember Ultimate Member
7.5
CVSSv2
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
3.5
CVSSv2
CVE-2019-14945
The ultimate-member plugin prior to 2.0.54 for WordPress has XSS.
Ultimatemember Ultimate Member
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »