Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2019-10271
An issue exists in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privil...
Ultimatemember Ultimate Member
383
VMScore
CVE-2015-9304
The ultimate-member plugin prior to 1.3.18 for WordPress has XSS via text input.
Ultimatemember Ultimate Member
312
VMScore
CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin prior to 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected...
Ultimatemember Ultimate Member
NA
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges ...
Ultimatemember Ultimate Member
312
VMScore
CVE-2022-1209
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for malicious users to redirect unsuspecting victims in versions up to, and including, 2...
Ultimatemember Ultimate Member
312
VMScore
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
383
VMScore
CVE-2018-17866
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin prior to 2.0.28 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the "Prim...
Ultimatemember Ultimate Member
312
VMScore
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ultimatemember Ultimate Member
445
VMScore
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
312
VMScore
CVE-2019-14946
The ultimate-member plugin prior to 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
Ultimatemember Ultimate Member
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »