Vulnerabilities > Ultimatemember
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-14 | CVE-2018-0590 | Unspecified vulnerability in Ultimatemember User Profile & Membership Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors. | 4.3 |
| 2018-05-14 | CVE-2018-0589 | Unspecified vulnerability in Ultimatemember User Profile & Membership Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors. | 4.3 |
| 2018-05-14 | CVE-2018-0588 | Path Traversal vulnerability in Ultimatemember User Profile & Membership Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2018-05-14 | CVE-2018-0587 | Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatemember User Profile & Membership Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. | 4.3 |
| 2018-05-14 | CVE-2018-0586 | Path Traversal vulnerability in Ultimatemember User Profile & Membership Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.3 |
| 2018-05-14 | CVE-2018-0585 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-04-23 | CVE-2018-10234 | Cross-site Scripting vulnerability in Ultimatemember User Profile & Membership Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page. | 4.8 |
| 2018-04-23 | CVE-2018-10233 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember User Profile & Membership The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. | 8.8 |
| 2018-02-16 | CVE-2018-6944 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member 2.0 core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 6.1 |
| 2018-02-16 | CVE-2018-6943 | Cross-site Scripting vulnerability in Ultimatemember 2.0 core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 6.1 |