Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 49 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-0308 Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.5 2025-01-18 05:33:50 Deep Dive
CVE-2025-0318 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 5.3 2025-01-18 05:33:49 Deep Dive
CVE-2024-54367 WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability Ultimate MemberForumWP Critical 9.8 2024-12-16 14:31:34 Deep Dive
CVE-2024-54370 WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability SuitePluginsVideo & Photo Gallery for Ultimate Member Critical 9.9 2024-12-16 14:31:32 Deep Dive
CVE-2024-12162 Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting suitepluginsVideo & Photo Gallery for Ultimate Member Medium 6.1 2024-12-12 04:23:14 Deep Dive
CVE-2023-23715 WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability Ultimate MemberJobBoardWP – Job Board Listings and Submissions Medium 5.2 2024-12-09 11:31:54 Deep Dive
CVE-2024-10528 Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 4.3 2024-11-21 05:33:49 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive
CVE-2024-8519 Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 6.4 2024-10-04 02:32:23 Deep Dive
CVE-2024-8520 Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 5.3 2024-10-04 02:32:22 Deep Dive
CVE-2024-2765 Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 5.4 2024-05-02 16:52:22 Deep Dive
CVE-2024-1071 WordPress Plugin Ultimate Member 安全漏洞 ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Critical 9.8 2024-03-13 15:26:32 Deep Dive
CVE-2024-2123 Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.2 2024-03-13 09:35:15 Deep Dive
CVE-2023-49168 WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) WordPlusBetter Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss Medium 6.5 2023-12-14 14:49:33 Deep Dive
CVE-2023-31216 WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) Ultimate MemberUltimate Member Medium 4.3 2023-07-17 13:50:08 Deep Dive
CVE-2023-3460 Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation UnknownUltimate Member 超危 -2023-07-04 07:23:29 Deep Dive
CVE-2022-3383 Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.2 2022-11-29 20:40:10 Deep Dive
CVE-2022-3384 Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.2 2022-11-29 20:39:57 Deep Dive
CVE-2022-3361 Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 4.3 2022-11-29 20:39:44 Deep Dive
CVE-2022-3966 Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal unspecifiedUltimate Member Plugin Medium 4.3 2022-11-13 00:00:00 Deep Dive