167 matches found
CVE-2026-39659
CVE-2026-39659 concerns a Missing Authorization vulnerability in the Ultimate Member plugin. The Red Hat and EUVD/NVD entries indicate Ultimate Member contains an Incorrectly Configured Access Control vulnerability that affects versions up to and including 2.11.3. The available documents do not s...
CVE-2025-15064
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization a...
CVE-2026-4248
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the 'usermeta:passwordresetlink' template tag being processed within post content via the 'umloggedin' shortcode, which generates a valid password...
CVE-2026-4248
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the 'usermeta:passwordresetlink' template tag being processed within post content via the 'umloggedin' shortcode, which generates a valid password...
CVE-2026-1404
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filterfirstname' in all versions up to, and including, 2.11.1 due to insufficien...
CVE-2026-1404 Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filterfirstname' in all versions up to, and including, 2.11.1 due to insufficien...
PT-2026-20421
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filter first name' in all versions up to, and including, 2.11.1 due to...
WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-13220
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...
CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...
CVE-2025-12492
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
CVE-2025-12492
The CVE CVE-2025-12492 affects Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress. It exposes sensitive information via an unauthenticated AJAX endpoint (ajax_get_members) due to a low-entropy, predictable token (5 hex char...
CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
PT-2025-52548
Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions prior to 2.11.1 Description The Ultimate Member plugin for WordPress is affected by a sensitive information exposure issue. Insufficient authorization checks on an unauthenticated AJAX endpoint,...
CVE-2025-14081
Technical details for CVE-2025-14081 are not publicly disclosed in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2025-14081 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...
EUVD-2015-9144
Malware in sbrugna...
EUVD-2018-1399
Malware in sbrugna...
EUVD-2018-1395
Malware in sbrugna...