Ultimatemember Ultimate_member
37 CVEs affecting Ultimatemember Ultimate_member. Latest disclosed: 2025-02-21. Critical: 5, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-36157 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of… |
| CVE-2020-36155 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could su… |
| CVE-2020-36156 | Critical | 9.9 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-… |
| CVE-2024-1071 | Critical | 9.8 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL In… |
| CVE-2023-3460 | Critical | 9.8 | 2023-07-04 | The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attac… |
| CVE-2019-10270 | High | 8.8 | 2019-06-21 | An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation… |
| CVE-2019-10673 | High | 8.8 | 2019-04-03 | A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and sub… |
| CVE-2025-0308 | High | 7.5 | 2025-01-18 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-b… |
| CVE-2024-2123 | High | 7.2 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
| CVE-2022-3384 | High | 7.2 | 2022-11-29 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options funct… |
| CVE-2022-3383 | High | 7.2 | 2022-11-29 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback… |
| CVE-2024-8519 | Medium | 6.4 | 2024-10-04 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
| CVE-2022-1208 | Medium | 6.4 | 2022-06-13 | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to… |
| CVE-2018-20965 | Medium | 6.1 | 2019-08-12 | The ultimate-member plugin before 2.0.4 for WordPress has XSS. |
| CVE-2016-10872 | Medium | 6.1 | 2019-08-12 | The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. |
| CVE-2015-9304 | Medium | 6.1 | 2019-08-12 | The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. |
| CVE-2018-17866 | Medium | 6.1 | 2018-10-09 | Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2… |
| CVE-2018-13136 | Medium | 6.1 | 2018-07-04 | The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. |
| CVE-2018-6944 | Medium | 6.1 | 2018-02-16 | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitiz… |
| CVE-2015-8354 | Medium | 6.1 | 2017-09-11 | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web sc… |