Vulnerabilities > Ultimatemember
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2021-24306 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. | 3.5 |
| 2021-01-06 | CVE-2020-36170 | Unspecified vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. | 5.0 |
| 2021-01-04 | CVE-2020-36157 | Improper Privilege Management vulnerability in Ultimatemember Ultimate Member An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. | 7.5 |
| 2021-01-04 | CVE-2020-36156 | Improper Privilege Management vulnerability in Ultimatemember Ultimate Member An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. | 6.5 |
| 2021-01-04 | CVE-2020-36155 | Improper Privilege Management vulnerability in Ultimatemember Ultimate Member An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. | 7.5 |
| 2020-01-13 | CVE-2020-6859 | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Ultimate Member Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. | 5.0 |
| 2019-08-12 | CVE-2019-14947 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | 3.5 |
| 2019-08-12 | CVE-2019-14946 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | 3.5 |
| 2019-08-12 | CVE-2019-14945 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.54 for WordPress has XSS. | 3.5 |
| 2019-08-12 | CVE-2018-20965 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.4 for WordPress has XSS. | 4.3 |