Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ultimate_member
(Ultimatemember)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-04 | CVE-2018-13136 | The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | Ultimate_member | 6.1 | ||
| 2018-10-09 | CVE-2018-17866 | Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | Ultimate_member | 6.1 | ||
| 2018-02-16 | CVE-2018-6944 | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | Ultimate_member | 6.1 | ||
| 2019-08-12 | CVE-2019-14947 | The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | Ultimate_member | 5.4 | ||
| 2019-08-12 | CVE-2019-14946 | The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | Ultimate_member | 5.4 | ||
| 2019-08-12 | CVE-2019-14945 | The ultimate-member plugin before 2.0.54 for WordPress has XSS. | Ultimate_member | 5.4 | ||
| 2017-09-11 | CVE-2015-8354 | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | Ultimate_member | 6.1 |