Filtered by vendor Ultimatemember
Subscribe
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0585 | 1 Ultimatemember | 1 Ultimate Member | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0590 | 1 Ultimatemember | 1 User Profile \& Membership | 2019-11-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors. | |||||
| CVE-2018-0586 | 1 Ultimatemember | 1 User Profile \& Membership | 2019-11-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-10233 | 1 Ultimatemember | 1 User Profile \& Membership | 2019-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin. | |||||
| CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | |||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | |||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2019-14946 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | |||||
| CVE-2019-14945 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.54 for WordPress has XSS. | |||||
| CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | |||||
| CVE-2015-8354 | 1 Ultimatemember | 1 Ultimate Member | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | |||||
| CVE-2018-10234 | 1 Ultimatemember | 1 User Profile \& Membership | 2018-05-24 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page. | |||||