Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20965 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 2.0.4 for WordPress has XSS. | |||||
| CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | |||||
| CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | |||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | |||||
| CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | |||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-0585 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8354 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | |||||