Latest medium severity vulnerabilities for "ultimate member"

Ultimate MemberWordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

medium

5.5

EPSS

0.04%

First published (updated )

CVE-2025-47691

Ultimate MemberUltimate Member <= 2.9.2 - Authenticated SQL Injection

medium

6.5

First published (updated )

CVE-2024-12276

Ultimate MemberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure

medium

5.3

EPSS

0.05%

First published (updated )

CVE-2025-0318

Ultimate MemberForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter

medium

6.1

First published (updated )

CVE-2024-11204

Ultimate MemberForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting

medium

6.1

First published (updated )

CVE-2024-10879

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Ultimate MemberUltimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update

medium

4.3

First published (updated )

CVE-2024-10528

Ultimate MemberUltimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

medium

6.4

EPSS

0.05%

First published (updated )

CVE-2024-8519

Ultimate MemberUltimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change

medium

5.3

EPSS

0.09%

First published (updated )

CVE-2024-8520

Ultimate MemberXSS

medium

5.4

First published (updated )

CVE-2024-2765

Ultimate MemberPath Traversal, Input Validation

medium

4.3

First published (updated )

CVE-2022-3361

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Ultimate MemberXSS

medium

6.4

First published (updated )

CVE-2022-1208

Ultimate MemberThe Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient va…

medium

5.4

First published (updated )

CVE-2022-1209

Ultimate MemberJobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting

medium

5.5

First published (updated )

CVE-2021-39329

Ultimate MemberUltimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)

medium

5.4

First published (updated )

CVE-2021-24306

Ultimate MemberThe Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in …

medium

5.3

First published (updated )

CVE-2020-36170

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Ultimate MemberMultiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ul…

medium

5.3

First published (updated )

CVE-2020-6859

Ultimate MemberXSS

medium

6.1

First published (updated )

CVE-2016-10872

Ultimate MemberXSS

medium

5.4

First published (updated )

CVE-2019-14945

Ultimate MemberXSS

medium

5.4

First published (updated )

CVE-2019-14946

Ultimate MemberXSS

medium

5.4

First published (updated )

CVE-2019-14947

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Ultimate MemberXSS

medium

6.1

First published (updated )

CVE-2018-20965

Ultimate MemberXSS

medium

6.1

First published (updated )

CVE-2015-9304

Ultimate MemberAn issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized pro…

medium

4.3

First published (updated )

CVE-2019-10271

Ultimate MemberXSS

medium

6.1

First published (updated )

CVE-2018-17866

Ultimate MemberXSS

medium

6.1

First published (updated )

CVE-2018-13136

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Ultimate MemberMalicious File Upload

medium

4.3

First published (updated )

CVE-2018-0587

Ultimate MemberPath Traversal

medium

4.3

First published (updated )

CVE-2018-0586

Ultimate MemberUltimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to…

medium

4.3

First published (updated )

CVE-2018-0589

Ultimate MemberUltimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to…

medium

4.3

First published (updated )

CVE-2018-0590

Ultimate MemberXSS

medium

5.4

First published (updated )

CVE-2018-0585

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Trending

Versions

Ultimate MemberWordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

Ultimate MemberUltimate Member <= 2.9.2 - Authenticated SQL Injection

Ultimate MemberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure

Ultimate MemberForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter

Ultimate MemberForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting

Never miss a vulnerability like this again

Ultimate MemberUltimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update

Ultimate MemberUltimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Ultimate MemberUltimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change

Ultimate MemberXSS

Ultimate MemberPath Traversal, Input Validation

Never miss a vulnerability like this again

Ultimate MemberXSS

Ultimate MemberThe Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient va…

Ultimate MemberJobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting

Ultimate MemberUltimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)

Ultimate MemberThe Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in …

Never miss a vulnerability like this again

Ultimate MemberMultiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ul…

Ultimate MemberXSS

Ultimate MemberXSS

Ultimate MemberXSS

Ultimate MemberXSS

Never miss a vulnerability like this again

Ultimate MemberXSS

Ultimate MemberXSS

Ultimate MemberAn issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized pro…

Ultimate MemberXSS

Ultimate MemberXSS

Never miss a vulnerability like this again

Ultimate MemberMalicious File Upload

Ultimate MemberPath Traversal

Ultimate MemberUltimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to…

Ultimate MemberUltimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to…

Ultimate MemberXSS

Never miss a vulnerability like this again

Company

Resources

Contact