Known Vulnerabilities for products from Ultimatemember
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ultimatemember".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects... | Not Provided | 2024-12-16 | 2026-04-01 |
| CVE-2021-39329 | The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitiz... | 4.8 - MEDIUM | 2021-10-19 | 2021-10-22 |
| CVE-2021-24306 | The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not pro... | 5.4 - MEDIUM | 2021-05-24 | 2023-11-07 |
| CVE-2020-36170 | The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. | 5.3 - MEDIUM | 2021-01-06 | 2021-01-08 |
| CVE-2020-36157 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation v... | 9.8 - CRITICAL | 2021-01-04 | 2021-07-21 |
| CVE-2020-36156 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via... | 8.8 - HIGH | 2021-01-04 | 2021-01-08 |
| CVE-2020-36155 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation v... | 9.8 - CRITICAL | 2021-01-04 | 2021-01-07 |
| CVE-2020-6859 | Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin thro... | 5.3 - MEDIUM | 2020-01-13 | 2020-01-22 |
| CVE-2019-14947 | The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | 5.4 - MEDIUM | 2019-08-12 | 2019-08-14 |
| CVE-2019-14946 | The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | 5.4 - MEDIUM | 2019-08-12 | 2019-08-14 |
| CVE-2019-14945 | The ultimate-member plugin before 2.0.54 for WordPress has XSS. | 5.4 - MEDIUM | 2019-08-12 | 2019-08-14 |
| CVE-2019-10673 | A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows... | 8.8 - HIGH | 2019-04-03 | 2020-03-16 |
| CVE-2019-10271 | An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture mo... | 4.3 - MEDIUM | 2019-06-24 | 2020-08-24 |
| CVE-2019-10270 | An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lac... | 8.8 - HIGH | 2019-06-21 | 2023-04-17 |
| CVE-2018-20965 | The ultimate-member plugin before 2.0.4 for WordPress has XSS. | 6.1 - MEDIUM | 2019-08-12 | 2023-02-24 |
| CVE-2018-17866 | Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Prof... | 6.1 - MEDIUM | 2018-10-09 | 2019-09-03 |
| CVE-2018-13136 | The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 6.1 - MEDIUM | 2018-07-04 | 2019-09-18 |
| CVE-2018-10234 | Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Accoun... | 4.8 - MEDIUM | 2018-04-23 | 2018-05-24 |
| CVE-2018-10233 | The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request for... | 8.8 - HIGH | 2018-04-23 | 2019-10-06 |
| CVE-2018-6944 | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability be... | 6.1 - MEDIUM | 2018-02-16 | 2019-08-28 |
Known software with vulnerabilities from Ultimatemember
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ultimatemember | Ultimate Member | 1.0.0 |
| Application | Ultimatemember | User Profile Amp Membership | 1.0.0 |