Filtered by vendor Ultimatemember
Subscriptions
Total
38 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-39329 | 1 Ultimatemember | 1 Jobboardwp | 2024-09-16 | 5.5 Medium |
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-06 | 6.1 Medium |
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | ||||
CVE-2015-8354 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | ||||
CVE-2016-10872 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-06 | 6.1 Medium |
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | ||||
CVE-2018-20965 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | 6.1 Medium |
The ultimate-member plugin before 2.0.4 for WordPress has XSS. | ||||
CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | ||||
CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | ||||
CVE-2018-10234 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page. | ||||
CVE-2018-10233 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin. | ||||
CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | ||||
CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2024-08-05 | N/A |
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | ||||
CVE-2018-0585 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-0586 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2018-0587 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. | ||||
CVE-2018-0589 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors. | ||||
CVE-2018-0588 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2018-0590 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors. | ||||
CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | ||||
CVE-2019-14946 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | ||||
CVE-2019-14945 | 1 Ultimatemember | 1 Ultimate Member | 2024-08-05 | N/A |
The ultimate-member plugin before 2.0.54 for WordPress has XSS. |