Product:

Ultimate_member

(Ultimatemember)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 28
Date Id Summary Products Score Patch Annotated
2018-05-14 CVE-2018-0585 Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ultimate_member 5.4
2018-07-04 CVE-2018-13136 The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. Ultimate_member 6.1
2018-10-09 CVE-2018-17866 Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. Ultimate_member 6.1
2018-02-16 CVE-2018-6944 core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. Ultimate_member 6.1
2019-08-12 CVE-2019-14947 The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. Ultimate_member 5.4
2019-08-12 CVE-2019-14946 The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. Ultimate_member 5.4
2019-08-12 CVE-2019-14945 The ultimate-member plugin before 2.0.54 for WordPress has XSS. Ultimate_member 5.4
2017-09-11 CVE-2015-8354 Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. Ultimate_member 6.1