Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimatemember ultimate member vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2019-10673
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin prior to 2.0.40 for WordPress allows malicious users to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can cha...
Ultimatemember Ultimate Member
7.5
CVSSv2
CVE-2020-36155
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During t...
Ultimatemember Ultimate Member
7.5
CVSSv2
CVE-2020-36157
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role param...
Ultimatemember Ultimate Member
6.5
CVSSv2
CVE-2020-36156
An issue exists in the Ultimate Member plugin prior to 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) duri...
Ultimatemember Ultimate Member
6.4
CVSSv2
CVE-2018-0588
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to read arbitrary files via unspecified vectors.
Ultimatemember User Profile \\& Membership
5
CVSSv2
CVE-2020-36170
The Ultimate Member plugin prior to 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
Ultimatemember Ultimate Member
5
CVSSv2
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
4.3
CVSSv2
CVE-2015-9304
The ultimate-member plugin prior to 1.3.18 for WordPress has XSS via text input.
Ultimatemember Ultimate Member
4.3
CVSSv2
CVE-2018-20965
The ultimate-member plugin prior to 2.0.4 for WordPress has XSS.
Ultimatemember Ultimate Member
4.3
CVSSv2
CVE-2016-10872
The ultimate-member plugin prior to 1.3.40 for WordPress has XSS on the login form.
Ultimatemember Ultimate Member
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »