Vulnerabilities > Ultimatemember > User Profile Membership > 2.0.4

DATE CVE VULNERABILITY TITLE RISK
2018-04-23 CVE-2018-10234 Cross-site Scripting vulnerability in Ultimatemember User Profile & Membership
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
network
low complexity
ultimatemember CWE-79
4.8
2018-04-23 CVE-2018-10233 Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember User Profile & Membership
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks.
network
low complexity
ultimatemember CWE-352
8.8