Show filters
44 Total Results
Displaying 41-44 of 44
Sort by:
Attacker Value
Unknown

CVE-2018-13136

Disclosure Date: July 04, 2018 (last updated November 27, 2024)
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
0
0
Attacker Value
Unknown

CVE-2018-0585

Disclosure Date: May 14, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-6944

Disclosure Date: February 16, 2018 (last updated November 26, 2024)
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
0
0
Attacker Value
Unknown

CVE-2015-8354

Disclosure Date: September 11, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
0
0
View More Topics  < Previous