Ultimatemember Ultimate_member

37 CVEs affecting Ultimatemember Ultimate_member. Latest disclosed: 2025-02-21. Critical: 5, High: 6.

Top CVEs affecting Ultimatemember Ultimate_member
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-36157 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of… |
| CVE-2020-36155 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could su… |
| CVE-2020-36156 | Critical | 9.9 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-… |
| CVE-2024-1071 | Critical | 9.8 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL In… |
| CVE-2023-3460 | Critical | 9.8 | 2023-07-04 | The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attac… |
| CVE-2019-10270 | High | 8.8 | 2019-06-21 | An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation… |
| CVE-2019-10673 | High | 8.8 | 2019-04-03 | A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and sub… |
| CVE-2025-0308 | High | 7.5 | 2025-01-18 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-b… |
| CVE-2024-2123 | High | 7.2 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
| CVE-2022-3384 | High | 7.2 | 2022-11-29 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options funct… |
| CVE-2022-3383 | High | 7.2 | 2022-11-29 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback… |
| CVE-2024-8519 | Medium | 6.4 | 2024-10-04 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
| CVE-2022-1208 | Medium | 6.4 | 2022-06-13 | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to… |
| CVE-2018-20965 | Medium | 6.1 | 2019-08-12 | The ultimate-member plugin before 2.0.4 for WordPress has XSS. |
| CVE-2016-10872 | Medium | 6.1 | 2019-08-12 | The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. |
| CVE-2015-9304 | Medium | 6.1 | 2019-08-12 | The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. |
| CVE-2018-17866 | Medium | 6.1 | 2018-10-09 | Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2… |
| CVE-2018-13136 | Medium | 6.1 | 2018-07-04 | The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. |
| CVE-2018-6944 | Medium | 6.1 | 2018-02-16 | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitiz… |
| CVE-2015-8354 | Medium | 6.1 | 2017-09-11 | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web sc… |