Lucene search

Ultimatemember / Ultimate Member

11 matches found

CVE
added 2022/05/10 8:15 p.m., 83 views

CVE-2022-1209

The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.

CVSS 5.4 | AI score 5.4 | EPSS 0.00382

CVE
added 2020/01/13 5:15 p.m., 74 views

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and aja...

CVSS 5.3 | AI score 5.4 | EPSS 0.01142

CVE
added 2024/05/02 5:15 p.m., 53 views

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitiz...

CVSS 5.4 | AI score 5.7 | EPSS 0.00211

CVE
added 2021/05/24 11:15 a.m., 49 views

CVE-2021-24306

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowled...

CVSS 5.4 | AI score 5.2 | EPSS 0.00205

CVE
added 2019/08/12 4:15 p.m., 48 views

CVE-2019-14945

The ultimate-member plugin before 2.0.54 for WordPress has XSS.

CVSS 5.4 | AI score 5.5 | EPSS 0.00685

CVE
added 2025/01/18 6:15 a.m., 46 views

CVE-2025-0318

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for una...

CVSS 5.3 | AI score 6.9 | EPSS 0.00052

CVE
added 2019/08/12 4:15 p.m., 45 views

CVE-2019-14946

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.

CVSS 5.4 | AI score 5.2 | EPSS 0.00458

CVE
added 2019/08/12 4:15 p.m., 45 views

CVE-2019-14947

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.

CVSS 5.4 | AI score 5.3 | EPSS 0.00685

CVE
added 2018/05/14 1:29 p.m., 44 views

CVE-2018-0585

Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 5.4 | AI score 5.8 | EPSS 0.00417

CVE
added 2024/10/04 5:15 a.m., 42 views

CVE-2024-8520

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or ...

CVSS 5.3 | AI score 4.8 | EPSS 0.00103

CVE
added 2021/01/06 2:15 p.m., 34 views

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.

CVSS 5.3 | AI score 5.3 | EPSS 0.00204