Product
ultimatemember user profile \& membership
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2018-0590
CVE-2018-0589
CVE-2018-0588
CVE-2018-0587
CVE-2018-0586
CVE-2018-10234
CVE-2018-10233
< 2.0.4
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to
< 2.0.4
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to
< 2.0.4
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remot
< 2.0.4
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated
< 2.0.4
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows
< 2.0.11
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Del
< 2.0.7
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery