📦 Ultimate Member

by Ultimatemember

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-1071

CRITICAL CVSS 9.8 Mar 13, 2024

This SQL injection vulnerability in the Ultimate Member WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'sorting' parameter. Attackers can extract sensiti...

CVE-2023-3460

CRITICAL CVSS 9.8 Jul 4, 2023

The Ultimate Member WordPress plugin before version 2.6.7 contains a critical vulnerability that allows unauthenticated attackers to create user accounts with administrator privileges. This affects al...

CVE-2025-0308

HIGH CVSS 7.5 Jan 18, 2025

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks against WordPress sites using the Ultimate Member plugin. Attackers can extract sensitive information fr...

CVE-2024-2123

HIGH CVSS 7.2 Mar 13, 2024

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Ultimate Member plugin. When users visit compromised pages, the scripts execute in their ...

CVE-2025-0318

MEDIUM CVSS 5.3 Jan 18, 2025

The Ultimate Member WordPress plugin versions up to 2.9.1 leak sensitive user metadata through error messages. Unauthenticated attackers can extract data from the wp_usermeta table, potentially exposi...

CVE-2024-10528

MEDIUM CVSS 4.3 Nov 21, 2024

This vulnerability in the Ultimate Member WordPress plugin allows authenticated attackers with subscriber-level access or higher to change other users' profile pictures without authorization. The flaw...

CVE-2024-8520

MEDIUM CVSS 5.3 Oct 4, 2024

This CSRF vulnerability in the Ultimate Member WordPress plugin allows unauthenticated attackers to modify user membership statuses by tricking administrators into clicking malicious links. All WordPr...

CVE-2024-2765

MEDIUM CVSS 5.4 May 2, 2024

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to inject malicious scripts into Skype and Spotify URL fields in the Ultimate Member plugin. The scripts ...