Vulnerabilities > Ultimatemember > User Profile Membership > 2.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-23 | CVE-2018-10234 | Cross-site Scripting vulnerability in Ultimatemember User Profile & Membership Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page. | 4.8 |
| 2018-04-23 | CVE-2018-10233 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember User Profile & Membership The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. | 8.8 |