Vulnerabilities > Ultimatemember > Ultimate Member > 1.3.88
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-04 | CVE-2018-13136 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 6.1 |
| 2018-05-14 | CVE-2018-0585 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |