Filtered by vendor Ultimatemember
Subscriptions
Filtered by product User Profile \& Membership
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10234 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page. | ||||
| CVE-2018-10233 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin. | ||||
| CVE-2018-0586 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0587 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. | ||||
| CVE-2018-0589 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors. | ||||
| CVE-2018-0588 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0590 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors. | ||||
Page 1 of 1.