Vulnerabilities > Ultimatemember

DATE CVE VULNERABILITY TITLE RISK
2019-08-12 CVE-2016-10872 Cross-site Scripting vulnerability in Ultimatemember Ultimate Member
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
network
low complexity
ultimatemember CWE-79
6.1
2019-08-12 CVE-2015-9304 Cross-site Scripting vulnerability in Ultimatemember Ultimate Member
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
network
low complexity
ultimatemember CWE-79
6.1
2019-06-24 CVE-2019-10271 Unspecified vulnerability in Ultimatemember Ultimate Member
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress.
network
low complexity
ultimatemember
4.3
2019-06-21 CVE-2019-10270 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ultimatemember Ultimate Member
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress.
network
low complexity
ultimatemember CWE-640
4.0
2019-04-03 CVE-2019-10673 Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code.
network
ultimatemember CWE-352
critical
9.3
2018-10-09 CVE-2018-17866 Cross-site Scripting vulnerability in Ultimatemember Ultimate Member
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
4.3
2018-07-04 CVE-2018-13136 Cross-site Scripting vulnerability in Ultimatemember Ultimate Member
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
4.3
2018-05-14 CVE-2018-0590 Unspecified vulnerability in Ultimatemember User Profile & Membership
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.
network
low complexity
ultimatemember
4.0
2018-05-14 CVE-2018-0589 Unspecified vulnerability in Ultimatemember User Profile & Membership
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
network
low complexity
ultimatemember
4.0
2018-05-14 CVE-2018-0588 Path Traversal vulnerability in Ultimatemember User Profile & Membership
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
ultimatemember CWE-22
6.4