Lucene search
K

214 matches found

NVD
NVD
added 2025/03/07 7:15 a.m.17 views

CVE-2025-1475

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

9.8CVSS0.00597EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/07 6:40 a.m.11 views

CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

9.8CVSS7.4AI score0.00597EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/07 6:40 a.m.19 views

CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

9.8CVSS0.00597EPSS
Exploits0References3
NVD
NVD
added 2025/03/05 12:15 p.m.6 views

CVE-2025-1702

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user suppli...

7.5CVSS0.00661EPSS
Exploits0References6
OSV
OSV
added 2025/03/05 12:15 p.m.4 views

CVE-2025-1702

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user suppli...

7.5CVSS5.9AI score0.00661EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/03/05 11:22 a.m.31 views

CVE-2025-1702 Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user suppli...

7.5CVSS0.00661EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/21 9:21 a.m.17 views

CVE-2024-12276 Ultimate Member <= 2.9.2 - Authenticated SQL Injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter...

5.3CVSS0.00333EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/21 9:21 a.m.11 views

CVE-2024-12276 Ultimate Member <= 2.9.2 - Authenticated SQL Injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter...

5.3CVSS5.3AI score0.00333EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/20 11:37 p.m.4 views

WordPress Ultimate Member plugin <= 2.9.2 - Authenticated SQL Injection vulnerability

Authenticated SQL Injection vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions = 2.9.2...

6.5CVSS8.1AI score0.00333EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 12:55 a.m.8 views

CVE-2022-3383

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the getoptionvaluefromcallback function that accepts user supplied input and passes it through calluserfunc. This makes it possible for authenticated attackers, with...

7.2CVSS7.1AI score0.0278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:9 p.m.15 views

CVE-2020-36156

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role e.g., Administrator during a profile...

9.9CVSS7AI score0.02032EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/05 3:8 p.m.21 views

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a...

10CVSS6.7AI score0.02961EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.10 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS6.7AI score0.08975EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/05 12:2 p.m.14 views

CVE-2024-7493

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wpinsertuser during registration. This makes it possible for unauthenticated attackers to update their role ...

9.8CVSS7.1AI score0.00565EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:52 a.m.8 views

CVE-2024-2123

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and...

7.2CVSS6.2AI score0.26666EPSS
Exploits0References1
NVD
NVD
added 2025/01/18 6:15 a.m.22 views

CVE-2025-0318

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References2
CVE
CVE
added 2025/01/18 5:33 a.m.119 views

CVE-2025-0308

The CVE covers WordPress plugin Ultimate Member (versions up to 2.9.1) with a time-based SQL Injection via the search parameter caused by insufficient escaping and lack of proper query preparation, enabling unauthenticated attackers to append SQL to existing queries to extract data. Some connecte...

7.5CVSS7.6AI score0.00513EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/18 5:33 a.m.17 views

CVE-2025-0318 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for...

5.3CVSS5.2AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/18 5:33 a.m.27 views

CVE-2025-0318 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.8 views

PT-2025-3823 · WordPress · The Ultimate Member

Name of the Vulnerable Software and Affected Versions: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress versions up to, and including, 2.9.1 Description: The issue is related to time-based SQL Injection via the...

7.5CVSS9.8AI score0.00513EPSS
Exploits0References11
Rows per page
Query Builder