Product
ultimatemember ultimate member
53 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-12276
CVE-2025-0318
CVE-2025-0308
CVE-2024-54367
CVE-2023-23715
CVE-2024-11204
CVE-2024-10879
CVE-2024-10880
CVE-2024-10528
CVE-2024-8520
CVE-2024-8519
CVE-2024-8428
CVE-2024-2765
CVE-2024-1071
CVE-2024-2123
CVE-2023-31216
CVE-2023-3460
CVE-2022-4061
CVE-2022-3384
CVE-2022-3383
CVE-2022-3361
CVE-2022-3966
CVE-2022-1208
CVE-2022-1209
CVE-2021-39329
CVE-2021-24306
CVE-2020-36170
CVE-2020-36157
CVE-2020-36156
CVE-2020-36155
CVE-2020-6859
CVE-2019-14947
CVE-2019-14946
CVE-2019-14945
CVE-2018-20965
CVE-2016-10872
CVE-2015-9304
CVE-2019-10271
CVE-2019-10270
CVE-2019-10673
CVE-2018-17866
CVE-2018-13136
CVE-2018-0590
CVE-2018-0589
CVE-2018-0588
CVE-2018-0587
CVE-2018-0586
CVE-2018-0585
CVE-2018-10234
CVE-2018-10233
CVE-2018-6944
CVE-2018-6943
CVE-2015-8354
< 2.10.0
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
< 2.9.2
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
< 2.9.2
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
< 2.1.1
Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP allows Object Injection.This issue affects Foru
<= 1.2.2
Missing Authorization vulnerability in JobBoardWP - Job Board Listings and Submissions allows Exploiting Incorrectly Co
< 2.1.3
The ForumWP - Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ para
< 2.1.3
The ForumWP - Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_
< 1.3.1
The JobBoardWP - Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to th
< 2.9.0
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
< 2.8.7
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
< 2.8.7
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
<= 2.0.2
The ForumWP - Forum & Discussion Board Plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Objec
< 2.8.5
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
>= 2.1.3 and < 2.8.3
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
< 2.8.4
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for Word
<= 2.6.0
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
< 2.6.7
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilitie
< 1.2.2
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, a
<= 2.5.0
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the po
<= 2.5.0
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the ge
<= 2.5.0
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insuff
< 2.5.1
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the fu
<= 2.3.2
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individu
<= 2.3.1
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in t
<= 1.0.7
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization
< 2.1.20
The Ultimate Member - User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly s
< 2.1.13
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
< 2.1.12
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via Us
< 2.1.12
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Prof
< 2.1.12
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via Us
<= 2.1.2
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2
< 2.0.52
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.
< 2.0.52
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
< 2.0.54
The ultimate-member plugin before 2.0.54 for WordPress has XSS.
< 2.0.4
The ultimate-member plugin before 2.0.4 for WordPress has XSS.
< 1.3.40
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
< 1.3.18
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
< 2.0.40
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modific
< 2.0.40
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of
< 2.0.40
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows atta
< 2.0.28
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile &
< 2.0.18
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
< 2.0.4
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to
< 2.0.4
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to
< 2.0.4
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remot
< 2.0.4
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated
< 2.0.4
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows
< 2.0.4
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to injec
< 2.0.11
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Del
< 2.0.7
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery
all versions
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because
all versions
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability becaus
<= 1.3.28
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attacke