CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Ultimatemember: Security Vulnerabilities

CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

CVSS Score

6.1

EPSS Score

0.002

Published

2018-02-16

CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

CVSS Score

6.1

EPSS Score

0.003

Published

2018-02-16

CVE-2015-8354

Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.

CVSS Score

6.1

EPSS Score

0.005

Published

2017-09-11

Page 6

Vulnerabilities

Vulnerable Software

Ultimatemember: Security Vulnerabilities

Products

Pricing

Contact Us