Ultimatemember Ultimate Member vulnerabilities
37 known vulnerabilities affecting ultimatemember/ultimate_member.
Total CVEs
37
CISA KEV
0
Public exploits
3
Exploited in wild
4
Severity breakdown
CRITICAL4HIGH8MEDIUM25
Vulnerabilities
Page 1 of 2
CVE-2024-1071P1CRITICALCVSS 9.8ExploitedPoC≥ 2.1.3, < 2.8.32024-03-13
CVE-2024-1071 [CRITICAL] CWE-89 CVE-2024-1071: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak
nvd
CVE-2023-3460P1CRITICALCVSS 9.8ExploitedPoCfixed in 2.6.72023-07-04
CVE-2023-3460 [CRITICAL] CWE-269 CVE-2023-3460: The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accou
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
nvd
CVE-2020-36155P1CRITICALCVSS 9.8ExploitedPoCfixed in 2.1.122021-01-04
CVE-2020-36155 [CRITICAL] CWE-269 CVE-2020-36155: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed
nvd
CVE-2024-2123P2MEDIUMCVSS 6.1Exploitedfixed in 2.8.42024-03-13
CVE-2024-2123 [MEDIUM] CWE-79 CVE-2024-2123: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated
nvd
CVE-2020-36157P3CRITICALCVSS 9.8fixed in 2.1.122021-01-04
CVE-2020-36157 [CRITICAL] CVE-2020-36157: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) a
nvd
CVE-2019-10270P3HIGHCVSS 8.8fixed in 2.0.402019-06-21
CVE-2019-10270 [HIGH] CWE-640 CVE-2019-10270: An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. I
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to int
nvd
CVE-2020-36156P3HIGHCVSS 8.8fixed in 2.1.122021-01-04
CVE-2020-36156 [HIGH] CWE-269 CVE-2020-36156: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
nvd
CVE-2025-0308P3HIGHCVSS 7.5fixed in 2.9.22025-01-18
CVE-2025-0308 [HIGH] CWE-89 CVE-2025-0308: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin
nvd
CVE-2019-10673P3HIGHCVSS 8.8fixed in 2.0.402019-04-03
CVE-2019-10673 [HIGH] CWE-352 CVE-2019-10673: A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to
nvd
CVE-2022-3384P3HIGHCVSS 7.2≤ 2.5.02022-11-29
CVE-2022-3384 [HIGH] CWE-94 CVE-2022-3384: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, a
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through
nvd
CVE-2022-3383P3HIGHCVSS 7.2≤ 2.5.02022-11-29
CVE-2022-3383 [HIGH] CWE-94 CVE-2022-3383: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, a
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server
nvd
CVE-2022-3966P3HIGHCVSS 7.5fixed in 2.5.12022-11-13
CVE-2022-3966 [HIGH] CWE-22 CVE-2022-3966: A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to versio
nvd
CVE-2024-12276P3MEDIUMCVSS 6.5fixed in 2.10.02025-02-21
CVE-2024-12276 [MEDIUM] CWE-89 CVE-2024-12276: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL
nvd
CVE-2023-31216P4HIGHCVSS 8.8≤ 2.6.02023-07-17
CVE-2023-31216 [HIGH] CWE-352 CVE-2023-31216: Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
nvd
CVE-2022-3361P4MEDIUMCVSS 4.3≤ 2.5.02022-11-29
CVE-2022-3361 [MEDIUM] CWE-22 CVE-2022-3361: The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outsi
nvd
CVE-2020-6859P4MEDIUMCVSS 5.3≤ 2.1.22020-01-13
CVE-2020-6859 [MEDIUM] CWE-639 CVE-2020-6859: Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ul
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
nvd
CVE-2025-0318P4MEDIUMCVSS 5.3fixed in 2.9.22025-01-18
CVE-2025-0318 [MEDIUM] CWE-200 CVE-2025-0318: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_user
nvd
CVE-2022-1209P4MEDIUMCVSS 5.4≤ 2.3.12022-05-10
CVE-2022-1209 [MEDIUM] CWE-601 CVE-2022-1209: The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient va
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
nvd
CVE-2015-8354P4MEDIUMCVSS 6.1≤ 1.3.282017-09-11
CVE-2015-8354 [MEDIUM] CWE-79 CVE-2015-8354: Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for W
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
nvd
CVE-2018-6944P4MEDIUMCVSS 6.1v2.02018-02-16
CVE-2018-6944 [MEDIUM] CWE-79 CVE-2018-6944: core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site s
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
nvd
1 / 2Next →