Ultimatemember

Ultimatemember

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-7761

  • EPSS 0.5%
  • Veröffentlicht 24.06.2026 06:49:37
  • Zuletzt bearbeitet 24.06.2026 21:16:58

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in get_directory_by_hash() ...

5.3

CVE-2026-39659

  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 08:30:36
  • Zuletzt bearbeitet 21.04.2026 11:16:19

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

6.4

CVE-2025-15064

  • EPSS 0.27%
  • Veröffentlicht 04.04.2026 07:41:56
  • Zuletzt bearbeitet 24.04.2026 18:13:28

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, ...

6.4

CVE-2025-13220

  • EPSS 0.21%
  • Veröffentlicht 21.12.2025 03:20:06
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and incl...

5.3

CVE-2025-12492

  • EPSS 0.44%
  • Veröffentlicht 20.12.2025 08:22:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_memb...

4.3

CVE-2025-14081

  • EPSS 0.29%
  • Veröffentlicht 17.12.2025 18:21:35
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before ...

6.4

CVE-2025-13217

  • EPSS 0.26%
  • Veröffentlicht 17.12.2025 18:21:34
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2....

5.5

CVE-2025-47691

  • EPSS 0.24%
  • Veröffentlicht 07.05.2025 14:20:57
  • Zuletzt bearbeitet 23.04.2026 15:30:45

Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <= 2.10.3.

7.5

CVE-2025-1702

  • EPSS 0.66%
  • Veröffentlicht 05.03.2025 12:15:35
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 ...

6.1

CVE-2018-6943

Exploit
  • EPSS 1.1%
  • Veröffentlicht 16.02.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:27

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.