Vulnerabilities > Ultimatemember > Ultimate Member
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-12 | CVE-2016-10872 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | 6.1 |
| 2019-08-12 | CVE-2015-9304 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | 6.1 |
| 2019-06-24 | CVE-2019-10271 | Unspecified vulnerability in Ultimatemember Ultimate Member An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. | 4.3 |
| 2019-06-21 | CVE-2019-10270 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ultimatemember Ultimate Member An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. | 4.0 |
| 2019-04-03 | CVE-2019-10673 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. | 9.3 |
| 2018-10-09 | CVE-2018-17866 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | 4.3 |
| 2018-07-04 | CVE-2018-13136 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 4.3 |
| 2018-05-14 | CVE-2018-0585 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2018-02-16 | CVE-2018-6944 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member 2.0 core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 4.3 |
| 2017-09-11 | CVE-2015-8354 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | 4.3 |