Filtered by vendor Ultimatemember
Subscriptions
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0589 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | N/A |
| Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors. | ||||
| CVE-2018-0588 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | N/A |
| Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0587 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. | ||||
| CVE-2018-0586 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | N/A |
| Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0585 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-10872 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 6.1 Medium |
| The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | ||||
| CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 6.1 Medium |
| The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | ||||
| CVE-2024-8519 | 1 Ultimatemember | 1 Ultimate Member | 2024-10-16 | 6.4 Medium |
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-8520 | 1 Ultimatemember | 1 Ultimate Member | 2024-10-08 | 5.3 Medium |
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a users membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-8428 | 2 Forumwp, Ultimatemember | 2 Forumwp, Forumwp | 2024-09-26 | 8.8 High |
| The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account. | ||||