Vulmon
ultimatemember vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-3460
The Ultimate Member WordPress plugin prior to 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing malicious users to create administrator accounts at will. This is actively being exploited in the wild.
Ultimatemember Ultimate Member
9 GitHub repositories
6.1
CVSSv3
CVE-2015-8354
Cross-site scripting (XSS) vulnerability in the Ultimate Member plugin prior to 1.3.29 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
Ultimatemember Ultimate Member
8.8
CVSSv3
CVE-2023-31216
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
5.3
CVSSv3
CVE-2020-36170
The Ultimate Member plugin prior to 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin prior to 2.0.18 for WordPress has XSS via the wp-admin settings screen.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2018-20965
The ultimate-member plugin prior to 2.0.4 for WordPress has XSS.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2019-14945
The ultimate-member plugin prior to 2.0.54 for WordPress has XSS.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2019-14947
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS during an account upgrade.
Ultimatemember Ultimate Member
8.8
CVSSv3
CVE-2019-10270
An arbitrary password reset issue exists in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to k...
Ultimatemember Ultimate Member