Vulnerabilities > Ultimatemember > Ultimate Member > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-04 | CVE-2023-3460 | Unspecified vulnerability in Ultimatemember Ultimate Member The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. | 9.8 |
| 2019-04-03 | CVE-2019-10673 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. | 9.3 |