Known Vulnerabilities for products from Ultimatemember
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ultimatemember".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-54367 json | Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects... | Not Provided | 2024-12-16 | 2026-04-01 |
| CVE-2024-11204 json | The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url�... | Not Provided | 2024-12-06 | 2026-04-08 |
| CVE-2024-10879 json | The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use ... | Not Provided | 2024-12-06 | 2026-04-08 |
| CVE-2024-8428 json | The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direc... | Not Provided | 2024-09-06 | 2026-04-08 |
| CVE-2024-2765 json | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin f... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-2123 json | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin f... | Not Provided | 2024-03-13 | 2026-04-08 |
| CVE-2023-31216 json | Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. | 8.8 - HIGH | 2023-07-17 | 2023-07-26 |
| CVE-2023-3460 json | The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabi... | 9.8 - CRITICAL | 2023-07-04 | 2023-11-07 |
| CVE-2022-4061 json | The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionaliti... | 7.5 - HIGH | 2022-12-19 | 2023-11-07 |
| CVE-2022-3966 json | A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects t... | 7.5 - HIGH | 2022-11-13 | 2023-11-07 |
| CVE-2022-3384 json | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via t... | Not Provided | 2022-11-29 | 2026-04-08 |
| CVE-2022-3383 json | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via t... | Not Provided | 2022-11-29 | 2026-04-08 |
| CVE-2022-3361 json | The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to i... | Not Provided | 2022-11-29 | 2026-04-08 |
| CVE-2022-1209 json | The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs... | Not Provided | 2022-05-10 | 2026-04-08 |
| CVE-2022-1208 json | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on ind... | Not Provided | 2022-06-13 | 2026-04-08 |
| CVE-2021-39329 json | The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitiz... | 4.8 - MEDIUM | 2021-10-19 | 2021-10-22 |
| CVE-2021-24306 json | The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not pro... | 5.4 - MEDIUM | 2021-05-24 | 2023-11-07 |
| CVE-2020-36170 json | The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. | 5.3 - MEDIUM | 2021-01-06 | 2021-01-08 |
| CVE-2020-36157 json | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation v... | 9.8 - CRITICAL | 2021-01-04 | 2021-07-21 |
| CVE-2020-36156 json | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via... | 8.8 - HIGH | 2021-01-04 | 2021-01-08 |
Known software with vulnerabilities from Ultimatemember
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ultimatemember | Ultimate Member | 1.0.0 |
| Application | Ultimatemember | User Profile Amp Membership | 1.0.0 |