Vulnerabilities > Ultimatemember > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-16 CVE-2024-54367 Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
network
low complexity
ultimatemember CWE-502
critical
 9.8
9.8
2023-07-04 CVE-2023-3460 Unspecified vulnerability in Ultimatemember Ultimate Member
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will.
network
low complexity
ultimatemember
critical
 9.8
9.8
2021-01-04 CVE-2020-36157 Unspecified vulnerability in Ultimatemember Ultimate Member
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles.
network
low complexity
ultimatemember
critical
 9.8
9.8
2021-01-04 CVE-2020-36155 Improper Privilege Management vulnerability in Ultimatemember Ultimate Member
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta.
network
low complexity
ultimatemember CWE-269
critical
 9.8
9.8