Lucene search
K

180 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS0.00393EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to 2.10.1 due to insufficient escaping and lack of proper SQL query preparation. This a...

7.5CVSS6AI score0.00393EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6AI score0.00393EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/06 9:57 a.m.8 views

WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by daroo in WordPress Plugin Ultimate Member versions = 2.11.4...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 6:0 a.m.37 views

CVE-2026-11766 Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:0 a.m.19 views

CVE-2026-11766

CVE-2026-11766 affects the Ultimate Member WordPress plugin (before 2.12.0). The vulnerability is a stored XSS in custom textarea profile fields: unescaped/sanitised values are output on user profiles, enabling an authenticated user with Subscriber-level access and above to inject JavaScript that...

8CVSS6AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 6:16 a.m.7 views

CVE-2026-8489

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS0.00241EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41486

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.39 views

CVE-2026-8489 Ultimate Member <= 2.11.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Non-HTML Custom Textarea Profile Field

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS0.00241EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55497

Name of the Vulnerable Software and Affected Versions Ultimate Member versions prior to 2.11.5 Description The Ultimate Member plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping when handling the about me...

6.4CVSS6.1AI score0.00241EPSS
Exploits0References15
NVD
NVD
added 2026/06/24 8:16 a.m.15 views

CVE-2026-7761

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS0.00499EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:49 a.m.6 views

CVE-2026-7761

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS5.9AI score0.00499EPSS
Exploits0References11
CVE
CVE
added 2026/04/08 8:30 a.m.8 views

CVE-2026-39659

CVE-2026-39659 concerns a Missing Authorization vulnerability in the Ultimate Member plugin. The Red Hat and EUVD/NVD entries indicate Ultimate Member contains an Incorrectly Configured Access Control vulnerability that affects versions up to and including 2.11.3. The available documents do not s...

5.9AI score0.00037EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/04 7:41 a.m.6 views

CVE-2025-15064

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization a...

6.4CVSS6.1AI score0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.5 views

CVE-2026-4248

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the 'usermeta:passwordresetlink' template tag being processed within post content via the 'umloggedin' shortcode, which generates a valid password...

8CVSS5.9AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 10:26 p.m.3 views

CVE-2026-4248

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the 'usermeta:passwordresetlink' template tag being processed within post content via the 'umloggedin' shortcode, which generates a valid password...

8CVSS5.9AI score0.00229EPSS
Exploits0References5
NVD
NVD
added 2026/02/18 3:18 p.m.11 views

CVE-2026-1404

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filterfirstname' in all versions up to, and including, 2.11.1 due to insufficien...

6.1CVSS0.00211EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/18 2:24 p.m.9 views

CVE-2026-1404 Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filterfirstname' in all versions up to, and including, 2.11.1 due to insufficien...

6.1CVSS5.7AI score0.00211EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.17 views

PT-2026-20421

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filter first name' in all versions up to, and including, 2.11.1 due to...

6.1CVSS5.7AI score0.00211EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.12 views

WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.8AI score0.00211EPSS
Exploits1References4
Rows per page
Query Builder