Vulnerabilities > Ultimatemember
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-12 | CVE-2019-14946 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | 5.4 |
| 2019-08-12 | CVE-2019-14945 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.54 for WordPress has XSS. | 5.4 |
| 2019-08-12 | CVE-2018-20965 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 2.0.4 for WordPress has XSS. | 6.1 |
| 2019-08-12 | CVE-2016-10872 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | 6.1 |
| 2019-08-12 | CVE-2015-9304 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | 6.1 |
| 2019-06-24 | CVE-2019-10271 | Unspecified vulnerability in Ultimatemember Ultimate Member An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. | 4.3 |
| 2019-06-21 | CVE-2019-10270 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ultimatemember Ultimate Member An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. | 8.8 |
| 2019-04-03 | CVE-2019-10673 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. | 8.8 |
| 2018-10-09 | CVE-2018-17866 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | 6.1 |
| 2018-07-04 | CVE-2018-13136 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 6.1 |