Vulnerabilities > Ultimatemember

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-16	CVE-2018-6943	Cross-site Scripting vulnerability in Ultimatemember 2.0 core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. network low complexity ultimatemember CWE-79	6.1
2017-09-11	CVE-2015-8354	Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. network low complexity ultimatemember CWE-79	6.1

Vulnerabilities > Ultimatemember {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ultimatemember"}]}