Filtered by vendor Ultimatemember Subscriptions
Filtered by product Ultimate Member Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-0585 1 Ultimatemember 1 Ultimate Member 2019-11-20 N/A
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-13136 1 Ultimatemember 1 Ultimate Member 2019-09-18 N/A
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
CVE-2018-17866 1 Ultimatemember 1 Ultimate Member 2019-09-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
CVE-2018-6944 1 Ultimatemember 1 Ultimate Member 2019-08-28 N/A
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
CVE-2019-14946 1 Ultimatemember 1 Ultimate Member 2019-08-14 N/A
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
CVE-2019-14945 1 Ultimatemember 1 Ultimate Member 2019-08-14 N/A
The ultimate-member plugin before 2.0.54 for WordPress has XSS.
CVE-2019-14947 1 Ultimatemember 1 Ultimate Member 2019-08-14 N/A
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.
CVE-2015-8354 1 Ultimatemember 1 Ultimate Member 2018-10-09 N/A
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.