CVE-2025-14081
- EPSS 0.03%
- Veröffentlicht 17.12.2025 18:21:35
- Zuletzt bearbeitet 18.12.2025 15:07:42
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before ...
CVE-2025-13217
- EPSS 0.03%
- Veröffentlicht 17.12.2025 18:21:34
- Zuletzt bearbeitet 18.12.2025 15:07:42
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2....
CVE-2025-47691
- EPSS 0.03%
- Veröffentlicht 07.05.2025 14:20:57
- Zuletzt bearbeitet 08.05.2025 14:39:09
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3.
CVE-2025-1702
- EPSS 0.84%
- Veröffentlicht 05.03.2025 12:15:35
- Zuletzt bearbeitet 05.03.2025 12:15:35
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 ...
CVE-2018-6943
- EPSS 0.17%
- Veröffentlicht 16.02.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:27
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.