Ultimatemember

ultimatemember

53 CVEs • 5 products

Products (5)

CVEs (53)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Ultimatemember
1Ultimate Member
Nov 21, 2024
Oct 9, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
1Ultimatemember
1Ultimate Member
Nov 21, 2024
Jul 4, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
May 14, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
May 14, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
May 14, 2018
N/A· v4
7.5 HIGH· v3
6.4 MEDIUM· v2
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
May 14, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
May 14, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.
1Ultimatemember
1Ultimate Member
Nov 21, 2024
May 14, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
Apr 23, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
1Ultimatemember
1User Profile & Membership
Nov 21, 2024
Apr 23, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
1Ultimatemember
1Ultimate Member
Nov 21, 2024
Feb 16, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
1Ultimatemember
1Ultimatemember
Nov 21, 2024
Feb 16, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
1Ultimatemember
1Ultimate Member
May 13, 2026
Sep 11, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.