3 matches found
CVE-2018-0590
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors...
CVE-2018-0590
CVE-2018-0590 affects the WordPress plugin Ultimate Member, prior to version 2.0.4. The vulnerability allows remote authenticated attackers to bypass access restrictions and modify other users’ profiles via unspecified vectors due to an access‑control bypass in the plugin (CWE-284). Affected vers...
JVN#28804532: Multiple vulnerabilities in WordPress plugin "Ultimate Member"
The WordPress plugin "Ultimate Member" provided by Ultimate Member contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0585 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...