Ultimate Member
Ultimate Member
Developer
2.11.2
Latest version
200,000
Installations
No date
Last updated
Vulnerability history
0 present
40 fixed
13 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability<= 2.11.0Dec 31, 2025
- Unauthenticated Sensitive Information Exposure vulnerability<= 2.11.0Dec 19, 2025
- Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' vulnerability<= 2.11.0Dec 18, 2025
- Authenticated (Subscriber+) Profile Privacy Setting Bypass vulnerability<= 2.11.0Dec 17, 2025
- Arbitrary Function Call vulnerability<= 2.10.3May 7, 2025
- Unauthenticated Blind SQL Injection vulnerability<= 2.10.1Apr 17, 2025
- Unauthenticated SQL Injection via search Parameter vulnerability<= 2.10.0Mar 4, 2025
- Authenticated SQL Injection vulnerability<= 2.9.2Feb 20, 2025
- Information Exposure vulnerability<= 2.9.1Jan 17, 2025
- Unauthenticated SQL Injection vulnerability<= 2.9.1Jan 17, 2025
- Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability<= 2.8.9Nov 21, 2024
- Cross-Site Request Forgery to Membership Status Change vulnerability<= 2.8.6Oct 4, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.8.6Oct 4, 2024
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 2.8.4Apr 15, 2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 2.8.3Mar 8, 2024
- Unauthenticated SQL Injection vulnerability2.1.3-2.8.2Feb 23, 2024
- Cross-Site Request Forgery vulnerability<= 2.6.8Aug 9, 2023
- Unauthenticated Privilege Escalation<= 2.6.6Jun 29, 2023
- Cross Site Request Forgery (CSRF) vulnerability<= 2.6.0Jun 22, 2023
- Auth. Directory Traversal vulnerability<= 2.5.0Oct 28, 2022
- Auth. Directory Traversal vulnerability<= 2.5.0Oct 28, 2022
- Auth. Remote Code Execution vulnerability<= 2.5.0Oct 28, 2022
- Auth. Limited Remote Code Execution vulnerability<= 2.5.0Oct 28, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.3.2Jun 2, 2022
- Open Redirect vulnerability<= 2.3.1May 1, 2022
- Authenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.1.19May 7, 2021
- Unauthenticated/Authenticated Privilege Escalation<= 2.1.11Nov 9, 2020
- Insecure Direct Object Reference (IDOR) vulnerability<= 2.1.2Jan 22, 2020
- Cross-Site Scripting (XSS) vulnerability<= 2.0.53Aug 14, 2019
- Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities<= 2.0.51Jul 13, 2019
- Multiple vulnerabilities<= 2.0.45May 16, 2019
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.39Apr 4, 2019
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.32Nov 27, 2018
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 2.0.21Aug 28, 2018
- Unauthenticated Arbitrary File Upload vulnerability<= 2.0.21Aug 9, 2018
- Unauthenticated Change Passwords<= 1.3.75Dec 6, 2016
- Local File Inclusion<= 1.3.64Jul 10, 2016
- Reflected Cross Site Scripting<= 1.3.28Dec 2, 2015
- Cross Site Scripting<= 1.2.994Jun 18, 2015
- Multiple Vulnerabilities<= 1.0.78Mar 16, 2015