VYPR

Ultimatemember

by Ultimatemember

Source repositories

CVEs (24)

  • CVE-2025-0318Jan 18, 2025
    risk 0.00cvss epss 0.00

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This…

  • CVE-2024-10528Nov 21, 2024
    risk 0.00cvss epss 0.01

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and…

  • CVE-2024-8519Oct 4, 2024
    risk 0.00cvss epss 0.00

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to…

  • CVE-2024-8520Oct 4, 2024
    risk 0.00cvss epss 0.00

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation…

Page 2 of 2