Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-12	CVE-2016-10872	Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. network low complexity ultimatemember CWE-79	6.1
2019-08-12	CVE-2015-9304	Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. network low complexity ultimatemember CWE-79	6.1
2019-06-24	CVE-2019-10271	Unspecified vulnerability in Ultimatemember Ultimate Member An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. network low complexity ultimatemember	4.3
2019-06-21	CVE-2019-10270	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ultimatemember Ultimate Member An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. network low complexity ultimatemember CWE-640	4.0
2018-10-09	CVE-2018-17866	Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. network ultimatemember CWE-79	4.3
2018-07-04	CVE-2018-13136	Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. network ultimatemember CWE-79	4.3
2018-05-14	CVE-2018-0590	Unspecified vulnerability in Ultimatemember User Profile & Membership Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors. network low complexity ultimatemember	4.0
2018-05-14	CVE-2018-0589	Unspecified vulnerability in Ultimatemember User Profile & Membership Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors. network low complexity ultimatemember	4.0
2018-05-14	CVE-2018-0588	Path Traversal vulnerability in Ultimatemember User Profile & Membership Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. network low complexity ultimatemember CWE-22	6.4
2018-05-14	CVE-2018-0587	Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatemember User Profile & Membership Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. network low complexity ultimatemember CWE-434	4.0