Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Information

Software Type Plugin
Software Slug ultimate-member (view on wordpress.org)
Software Status Active
Software Author ultimatemember
Software Website ultimatemember.com
Software Downloads 10,107,677
Software Active Installs 200,000
Software Record Last Updated May 17, 2024

Showing 21-40 of 55 Vulnerabilities

Ultimate Member <= 2.1.2 - Insecure Direct Object Reference
5.3
CVE-2020-6859
Jan 13, 2020
Researchers:
Ultimate Member <= 2.0.3 - Directory Traversal
4.3
CVE-2018-0586
Aug 12, 2019
Researcher: Gen Sato
Ultimate Member <= 2.0.3 - Unauthorized Image File Upload
4.3
CVE-2018-0587
Aug 12, 2019
Researcher: Gen Sato
Ultimate Member <= 2.0.3 - Cross Site Scripting
6.1
CVE-2018-20965
Aug 12, 2019
Researcher: Gen Sato
Ultimate Member <= 1.3.88 - Cross Site Scripting
6.1
CVE-2018-0585
Aug 12, 2019
Researcher: Gen Sato
Ultimate Member <= 2.0.53 - Cross-Site Scripting
6.4
CVE-2019-14945
Jul 22, 2019
Researchers:
Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting
5.4
CVE-2019-14947
Jun 24, 2019
Researcher: m0ns7er
Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting
6.1
CVE-2019-14946
Jun 24, 2019
Researcher: m0ns7er
Ultimate Member <= 2.0.39 - Privilege Escalation
8.8
CVE-2019-10270
Jun 15, 2019
Researcher: Clément CRUCHET
Ultimate Member <= 2.0.39 - Unauthorized Profile Modification
4.3
CVE-2019-10271
Jun 15, 2019
Researcher: Clément CRUCHET
Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting
5.5
CVE ID Unknown
May 13, 2019
Researcher: Antony Garand
Ultimate Member <= 2.0.45 - Low-Privileged Stored Cross-Site Scripting
6.4
CVE ID Unknown
May 13, 2019
Researcher: Antony Garand
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read
9.4
CVE ID Unknown
May 13, 2019
Researcher: Antony Garand
Ultimate Member <= 2.0.39 - Cross-Site Request Forgery
8.8
CVE-2019-10673
Apr 1, 2019
Researcher: Georg Knabl
Ultimate Member <= 2.0.32 - Cross-Site Request Forgery
6.1
CVE ID Unknown
Nov 27, 2018
Researchers:
Ultimate Member <= 2.0.27 - Multiple Cross-Site Scripting vulnerabilities
6.1
CVE-2018-17866
Oct 6, 2018
Researchers:
Ultimate Member <= 2.0.21 - Cross-Site Scripting
6.1
CVE ID Unknown
Aug 9, 2018
Researchers:
Ultimate Member <= 2.0.21 - Arbitrary File Upload
8.8
CVE ID Unknown
Aug 8, 2018
Researchers:
Ultimate Member <= 2.0.17 - Authenticated Cross-Site Scripting
6.1
CVE-2018-13136
Jul 3, 2018
Researchers:
Ultimate Member <= 2.0.3 - Improper Access Control
4.3
CVE-2018-0589
May 14, 2018
Researchers:
Title Status CVE ID CVSS Researchers Date
Ultimate Member <= 2.1.2 - Insecure Direct Object Reference Patched CVE-2020-6859 5.3 January 13, 2020
Ultimate Member <= 2.0.3 - Directory Traversal Patched CVE-2018-0586 4.3 Gen Sato August 12, 2019
Ultimate Member <= 2.0.3 - Unauthorized Image File Upload Patched CVE-2018-0587 4.3 Gen Sato August 12, 2019
Ultimate Member <= 2.0.3 - Cross Site Scripting Patched CVE-2018-20965 6.1 Gen Sato August 12, 2019
Ultimate Member <= 1.3.88 - Cross Site Scripting Patched CVE-2018-0585 6.1 Gen Sato August 12, 2019
Ultimate Member <= 2.0.53 - Cross-Site Scripting Patched CVE-2019-14945 6.4 July 22, 2019
Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting Patched CVE-2019-14947 5.4 m0ns7er June 24, 2019
Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting Patched CVE-2019-14946 6.1 m0ns7er June 24, 2019
Ultimate Member <= 2.0.39 - Privilege Escalation Patched CVE-2019-10270 8.8 Clément CRUCHET June 15, 2019
Ultimate Member <= 2.0.39 - Unauthorized Profile Modification Patched CVE-2019-10271 4.3 Clément CRUCHET June 15, 2019
Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting Patched 5.5 Antony Garand May 13, 2019
Ultimate Member <= 2.0.45 - Low-Privileged Stored Cross-Site Scripting Patched 6.4 Antony Garand May 13, 2019
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read Patched 9.4 Antony Garand May 13, 2019
Ultimate Member <= 2.0.39 - Cross-Site Request Forgery Patched CVE-2019-10673 8.8 Georg Knabl April 1, 2019
Ultimate Member <= 2.0.32 - Cross-Site Request Forgery Patched 6.1 November 27, 2018
Ultimate Member <= 2.0.27 - Multiple Cross-Site Scripting vulnerabilities Patched CVE-2018-17866 6.1 October 6, 2018
Ultimate Member <= 2.0.21 - Cross-Site Scripting Patched 6.1 August 9, 2018
Ultimate Member <= 2.0.21 - Arbitrary File Upload Patched 8.8 August 8, 2018
Ultimate Member <= 2.0.17 - Authenticated Cross-Site Scripting Patched CVE-2018-13136 6.1 July 3, 2018
Ultimate Member <= 2.0.3 - Improper Access Control Patched CVE-2018-0589 4.3 May 14, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation