Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Information

Software Type Plugin
Software Slug ultimate-member (view on wordpress.org)
Software Status Active
Software Author ultimatemember
Software Website ultimatemember.com
Software Downloads 10,107,677
Software Active Installs 200,000
Software Record Last Updated May 17, 2024

Showing 1-20 of 55 Vulnerabilities

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.6.8 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Aug 8, 2023
Researchers:
Ultimate Member <= 2.6.0 - Cross-Site Request Forgery to Form Duplication
4.3
CVE-2023-31216
May 30, 2023
Researcher: Nguyen Xuan Chien
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes
4.3
CVE-2022-3361
Oct 28, 2022
Researcher: Ruijie Li
Ultimate Member <= 2.3.1 - Arbitrary Redirect
4.3
CVE-2022-1209
Apr 29, 2022
Researcher: Ruijie Li
Ultimate Member <= 2.0.3 - Unauthorized Image File Upload
4.3
CVE-2018-0587
Aug 12, 2019
Researcher: Gen Sato
Ultimate Member <= 2.0.3 - Directory Traversal
4.3
CVE-2018-0586
Aug 12, 2019
Researcher: Gen Sato
Ultimate Member <= 2.0.39 - Unauthorized Profile Modification
4.3
CVE-2019-10271
Jun 15, 2019
Researcher: Clément CRUCHET
Ultimate Member <= 2.0.3 - Improper Access Control
4.3
CVE-2018-0589
May 14, 2018
Researchers:
Ultimate Member < 2.0.4 - Insecure Direct Object Reference
4.3
CVE-2018-0590
May 10, 2018
Researcher: Gen Sato
Ultimate Member <= 2.0.39 - Directory Traversal
4.3
CVE-2018-0588
May 10, 2018
Researcher: Gen Sato
Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload
4.3
CVE-2018-0587
May 10, 2018
Researcher: Gen Sato
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal
4.7
CVE-2022-2445
Oct 28, 2022
Researcher: Ruijie Li
Ultimate Member <= 2.1.2 - Insecure Direct Object Reference
5.3
CVE-2020-6859
Jan 13, 2020
Researchers:
Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
5.4
CVE-2024-2765
Apr 10, 2024
Researcher: tiborisaak
Ultimate Member <= 2.4.0 - Subscriber+ Stored Cross-Site Scripting
5.4
CVE ID Unknown
Jul 15, 2022
Researchers:
Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting
5.4
CVE-2019-14947
Jun 24, 2019
Researcher: m0ns7er
Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting
5.5
CVE ID Unknown
May 13, 2019
Researcher: Antony Garand
Ultimate Member <= 2.0.10 - Authenticated Cross-Site Scripting
5.5
CVE-2018-10234
Apr 23, 2018
Researcher: Riccardo ten Cate
Ultimate Member <= 2.1.19 - Reflected Cross-Site Scripting
6.1
CVE-2021-24306
May 7, 2021
Researcher: riki aji
Ultimate Member <= 2.1.6 - Open Redirect
6.1
CVE ID Unknown
Jul 23, 2020
Researcher: tonyko
Title Status CVE ID CVSS Researchers Date
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.6.8 - Cross-Site Request Forgery Patched 4.3 August 8, 2023
Ultimate Member <= 2.6.0 - Cross-Site Request Forgery to Form Duplication Patched CVE-2023-31216 4.3 Nguyen Xuan Chien May 30, 2023
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes Patched CVE-2022-3361 4.3 Ruijie Li October 28, 2022
Ultimate Member <= 2.3.1 - Arbitrary Redirect Patched CVE-2022-1209 4.3 Ruijie Li April 29, 2022
Ultimate Member <= 2.0.3 - Unauthorized Image File Upload Patched CVE-2018-0587 4.3 Gen Sato August 12, 2019
Ultimate Member <= 2.0.3 - Directory Traversal Patched CVE-2018-0586 4.3 Gen Sato August 12, 2019
Ultimate Member <= 2.0.39 - Unauthorized Profile Modification Patched CVE-2019-10271 4.3 Clément CRUCHET June 15, 2019
Ultimate Member <= 2.0.3 - Improper Access Control Patched CVE-2018-0589 4.3 May 14, 2018
Ultimate Member < 2.0.4 - Insecure Direct Object Reference Patched CVE-2018-0590 4.3 Gen Sato May 10, 2018
Ultimate Member <= 2.0.39 - Directory Traversal Patched CVE-2018-0588 4.3 Gen Sato May 10, 2018
Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload Patched CVE-2018-0587 4.3 Gen Sato May 10, 2018
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal Patched CVE-2022-2445 4.7 Ruijie Li October 28, 2022
Ultimate Member <= 2.1.2 - Insecure Direct Object Reference Patched CVE-2020-6859 5.3 January 13, 2020
Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2024-2765 5.4 tiborisaak April 10, 2024
Ultimate Member <= 2.4.0 - Subscriber+ Stored Cross-Site Scripting Patched 5.4 July 15, 2022
Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting Patched CVE-2019-14947 5.4 m0ns7er June 24, 2019
Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting Patched 5.5 Antony Garand May 13, 2019
Ultimate Member <= 2.0.10 - Authenticated Cross-Site Scripting Patched CVE-2018-10234 5.5 Riccardo ten Cate April 23, 2018
Ultimate Member <= 2.1.19 - Reflected Cross-Site Scripting Patched CVE-2021-24306 6.1 riki aji May 7, 2021
Ultimate Member <= 2.1.6 - Open Redirect Patched 6.1 tonyko July 23, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation