Ultimate Member
Ultimate Member
Developer
2.11.3
Latest version
200,000
Installations
No date
Last updated
Vulnerability history
0 present
42 patched
15 Mitigation rules
- Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability<= 2.11.21 day ago
- Reflected Cross-Site Scripting via Filter Parameters vulnerability<= 2.11.120/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability<= 2.11.031/12/2025
- Unauthenticated Sensitive Information Exposure vulnerability<= 2.11.019/12/2025
- Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' vulnerability<= 2.11.018/12/2025
- Authenticated (Subscriber+) Profile Privacy Setting Bypass vulnerability<= 2.11.017/12/2025
- Arbitrary Function Call vulnerability<= 2.10.307/05/2025
- Unauthenticated Blind SQL Injection vulnerability<= 2.10.117/04/2025
- Unauthenticated SQL Injection via search Parameter vulnerability<= 2.10.004/03/2025
- Authenticated SQL Injection vulnerability<= 2.9.220/02/2025
- Information Exposure vulnerability<= 2.9.117/01/2025
- Unauthenticated SQL Injection vulnerability<= 2.9.117/01/2025
- Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability<= 2.8.921/11/2024
- Cross-Site Request Forgery to Membership Status Change vulnerability<= 2.8.604/10/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.8.604/10/2024
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 2.8.415/04/2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 2.8.308/03/2024
- Unauthenticated SQL Injection vulnerability2.1.3-2.8.223/02/2024
- Cross-Site Request Forgery vulnerability<= 2.6.809/08/2023
- Unauthenticated Privilege Escalation<= 2.6.629/06/2023
- Cross Site Request Forgery (CSRF) vulnerability<= 2.6.022/06/2023
- Auth. Directory Traversal vulnerability<= 2.5.028/10/2022
- Auth. Directory Traversal vulnerability<= 2.5.028/10/2022
- Auth. Remote Code Execution vulnerability<= 2.5.028/10/2022
- Auth. Limited Remote Code Execution vulnerability<= 2.5.028/10/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.3.202/06/2022
- Open Redirect vulnerability<= 2.3.101/05/2022
- Authenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.1.1907/05/2021
- Unauthenticated/Authenticated Privilege Escalation<= 2.1.1109/11/2020
- Insecure Direct Object Reference (IDOR) vulnerability<= 2.1.222/01/2020
- Cross-Site Scripting (XSS) vulnerability<= 2.0.5314/08/2019
- Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities<= 2.0.5113/07/2019
- Multiple vulnerabilities<= 2.0.4516/05/2019
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.3904/04/2019
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.3227/11/2018
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 2.0.2128/08/2018
- Unauthenticated Arbitrary File Upload vulnerability<= 2.0.2109/08/2018
- Unauthenticated Change Passwords<= 1.3.7506/12/2016
- Local File Inclusion<= 1.3.6410/07/2016
- Reflected Cross Site Scripting<= 1.3.2802/12/2015
- Cross Site Scripting<= 1.2.99418/06/2015
- Multiple Vulnerabilities<= 1.0.7816/03/2015