Vulnerabilities > Ultimatemember > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-06 | CVE-2024-8428 | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Forumwp: The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. | 8.8 |
2023-07-17 | CVE-2023-31216 | Unspecified vulnerability in Ultimatemember Ultimate Member: Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. | 8.8 |
2022-12-19 | CVE-2022-4061 | Unspecified vulnerability in Ultimatemember Jobboardwp: The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. | 7.5 |
2022-11-29 | CVE-2022-3383 | Unspecified vulnerability in Ultimatemember Ultimate Member: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). | 7.2 |
2022-11-29 | CVE-2022-3384 | Unspecified vulnerability in Ultimatemember Ultimate Member: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). | 7.2 |
2022-11-13 | CVE-2022-3966 | Unspecified vulnerability in Ultimatemember Ultimate Member: A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. | 7.5 |
2021-01-04 | CVE-2020-36156 | Improper Privilege Management vulnerability in Ultimatemember Ultimate Member: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. | 8.8 |
2019-06-21 | CVE-2019-10270 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ultimatemember Ultimate Member: An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. | 8.8 |
2019-04-03 | CVE-2019-10673 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member: A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. | 8.8 |
2018-05-14 | CVE-2018-0588 | Path Traversal vulnerability in Ultimatemember User Profile & Membership: Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |