Ultimatemember

Ultimate Member

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2020-37169

Exploit
  • EPSS 0.25%
  • Veröffentlicht 13.05.2026 14:22:28
  • Zuletzt bearbeitet 13.05.2026 17:07:21

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with m...

6.5

CVE-2024-12276

  • EPSS 0.33%
  • Veröffentlicht 21.02.2025 10:15:10
  • Zuletzt bearbeitet 25.02.2025 03:34:14

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insuf...

5.3

CVE-2025-0318

  • EPSS 0.34%
  • Veröffentlicht 18.01.2025 06:15:28
  • Zuletzt bearbeitet 25.02.2025 22:09:05

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages...

7.5

CVE-2025-0308

  • EPSS 0.51%
  • Veröffentlicht 18.01.2025 06:15:27
  • Zuletzt bearbeitet 25.02.2025 22:14:17

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due...

4.3

CVE-2024-10528

  • EPSS 0.56%
  • Veröffentlicht 21.11.2024 11:15:19
  • Zuletzt bearbeitet 21.02.2025 19:40:08

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_i...

4.3

CVE-2024-8520

  • EPSS 0.31%
  • Veröffentlicht 04.10.2024 05:15:11
  • Zuletzt bearbeitet 08.10.2024 21:50:30

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or...

5.4

CVE-2024-8519

  • EPSS 0.4%
  • Veröffentlicht 04.10.2024 05:15:11
  • Zuletzt bearbeitet 16.10.2024 14:06:04

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and i...

5.4

CVE-2024-2765

  • EPSS 0.5%
  • Veröffentlicht 02.05.2024 17:15:19
  • Zuletzt bearbeitet 08.04.2026 18:21:11

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and i...

9.8

CVE-2024-1071

  • EPSS 89.43%
  • Veröffentlicht 13.03.2024 16:15:16
  • Zuletzt bearbeitet 21.02.2025 19:33:40

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping...

6.1

CVE-2024-2123

  • EPSS 26.67%
  • Veröffentlicht 13.03.2024 10:15:08
  • Zuletzt bearbeitet 08.04.2026 19:21:00

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8....