Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

WordPress Plugin

WordPress Ultimate Member Plugin

Ultimate Member is the 1 user profile membership plugin for WordPress. The plugin makes it a breeze for users to sign-up and become members of your website.

Official Site:

https://ultimatemember.com/

Severity Summary:

Critical: 4 High: 8 Medium: 25
Reference
Title
Severity
CVE-2024-1071
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-3460
Unauthorized Admin Access for Ultimate Member plugin
Critical
CVE-2020-36157
WordPress Ultimate Member Plugin Vulnerability
Critical
CVE-2020-36155
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability
Critical
CVE-2022-3966
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2020-36156
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability
High
CVE-2022-3383
WordPress Ultimate Member Plugin Other Vulnerability
High
CVE-2023-31216
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2019-10270
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2022-3384
WordPress Ultimate Member Plugin Other Vulnerability
High
CVE-2025-0308
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-10673
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2019-14947
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-8354
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-8519
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-8520
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2019-14946
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-12276
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2025-0318
WordPress Ultimate Member Plugin Vulnerability
Medium
CVE-2024-2765
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-10528
WordPress Ultimate Member Plugin Missing Authorization Vulnerability
Medium
CVE-2019-14945
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-6859
WordPress Ultimate Member Plugin Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2018-6944
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-17866
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-13136
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-0585
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-10271
WordPress Ultimate Member Plugin Vulnerability
Medium
CVE-2020-36170
WordPress Ultimate Member Plugin Vulnerability
Medium
CVE-2022-1209
WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium