CVE-2026-39659

...

CVE-2018-20965

The ultimate-member plugin before 2.0.4 for WordPress has XSS...

CVE-2016-10872

The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form...

WordPress Ultimate Member Plugin <= 2.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8520 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7e0506c6b50a Credits Jack Taylor Required...

WordPress Ultimate Member Plugin < 2.0.54 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ultimatemember:ultimatemember"; ifdescription...

WordPress Ultimate Member plugin <= 2.1.11 - Unauthenticated/Authenticated Privilege Escalation

Unauthenticated Privilege Escalation via User Meta vulnerability found by Chloe Chamberland in WordPress Ultimate Member plugin versions = 2.1.11. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.12...

WordPress Ultimate Member Plugin < 2.0.4 Multiple Vulnerabilities

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...