Vulnerabilities > Ultimatemember > Ultimate Member > 2.1.2

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-36155 Improper Privilege Management vulnerability in Ultimatemember Ultimate Member
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta.
network
low complexity
ultimatemember CWE-269
critical
 9.8
9.8
2020-01-13 CVE-2020-6859 Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Ultimate Member
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter.
network
low complexity
ultimatemember CWE-639
5.3
5.3