Search Results (46 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20965 1 Ultimatemember 1 Ultimate Member 2024-11-21 6.1 Medium
The ultimate-member plugin before 2.0.4 for WordPress has XSS.
CVE-2018-17866 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
CVE-2018-13136 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
CVE-2018-0585 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-10872 1 Ultimatemember 1 Ultimate Member 2024-11-21 6.1 Medium
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
CVE-2015-9304 1 Ultimatemember 1 Ultimate Member 2024-11-21 6.1 Medium
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.