Ultimatemember User Profile & Membership — known CVE vulnerabilities
Every CVE whose affected-product data names Ultimatemember User Profile & Membership, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-10233 — CVSS 8.8 (high): The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks…
CVE-2018-0588 — CVSS 7.5 (high): Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote…
CVE-2018-10234 — CVSS 4.8 (medium): Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion…
CVE-2018-0590 — CVSS 4.3 (medium): Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify…
CVE-2018-0589 — CVSS 4.3 (medium): Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new…
CVE-2018-0587 — CVSS 4.3 (medium): Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to…
CVE-2018-0586 — CVSS 4.3 (medium): Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote…