Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. id: CVE-2023-3460 info: name: Ultimate Member 2.6.7 - Unauthenticated Privilege...

WordPress plugin ultimate-member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

EUVD-2018-18687

Malware in sbrugna...

EUVD-2018-18688

Malware in sbrugna...

CVE-2018-13136

CVE-2018-13136 affects the WordPress plugin Ultimate Member (aka ultimatemember) for versions prior to 2.0.18, exposing a cross-site scripting (XSS) vulnerability via the wp-admin settings screen. The issue is documented across multiple sources (CNVD/EUVD/OpenVAS/NVD/CVE records) as an XSS in thi...

CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

Cross site scripting

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

Cross site scripting

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

CVE-2018-6943

The CVE-2018-6943 entry concerns the WordPress UltimateMember plugin (v2.0) where core/lib/upload/um-image-upload.php is vulnerable to cross-site scripting due to improper sanitization of input assigned to the $temp variable. This XSS condition is documented across multiple sources (NVD listing a...

CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable...

CVE-2018-6944

CVE-2018-6944 affects the WordPress plugin UltimateMember (version 2.0) where core/lib/upload/um-file-upload.php is vulnerable to cross-site scripting due to improper sanitization of input assigned to the $temp variable. This XSS vulnerability could allow injected JavaScript to be executed in the...

WordPress UltimateMember 2.0 Cross Site Scripting

1 of 2: Exploit Title: Stored Cross-Site Scripting XSS in UltimateMember Wordpress plugin 2.0 CVE: CVE-2018-6943 Date: 02-12-2018 Software Link: https://ultimatemember.com Exploit Author: Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: https://ultimatemember.co...