WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

2022-10-28
Ultimate Member < 2.5.1 - Admin+ LFI via Traversal
Fixed in version 2.5.1
2022-10-28
Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal
Fixed in version 2.5.1
2022-10-28
Ultimate Member < 2.5.1 - Admin+ RCE
Fixed in version 2.5.1
2022-10-28
Ultimate Member < 2.5.1 - Subscriber+ RCE
Fixed in version 2.5.1
2022-06-02
Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting
Fixed in version 2.4.0
2022-04-29
Ultimate Member < 2.3.2 - Open Redirect
Fixed in version 2.3.2
2021-05-07
Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
Fixed in version 2.1.20
2020-11-09
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
Fixed in version 2.1.12
2020-11-09
Ultimate Member < 2.1.12 - Authenticated Privilege Escalation via Profile Update
Fixed in version 2.1.12
2020-11-09
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Roles
Fixed in version 2.1.12
2020-08-12
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
Fixed in version 2.1.7
2020-01-13
Ultimate Member < 2.1.3 - Insecure Direct Object Reference (IDOR)
Fixed in version 2.1.3
2019-07-22
Ultimate Member <= 2.0.53 - Cross-Site Scripting (XSS)
Fixed in version 2.0.54
2019-06-24
Ultimate Member < 2.0.52 - CSRF and Stored XSS issues
Fixed in version 2.0.52
2019-05-13
Ultimate Member < 2.0.46 - Multiple Vulnerabilities
Fixed in version 2.0.46
2019-04-01
Ultimate Member < 2.0.40 - Cross-Site Request Forgery (CSRF)
Fixed in version 2.0.40
2018-11-22
Ultimate Member < 2.0.33 - Cross-Site Request Forgery (CSRF)
Fixed in version 2.0.33
2018-10-06
Ultimate Member < 2.0.28 - Multiple XSS
Fixed in version 2.0.28
2018-08-10
Ultimate Member < 2.0.22 - Authenticated Cross-Site Scripting (XSS)
Fixed in version 2.0.22
2018-08-08
Ultimate Member < 2.0.22 - Unauthenticated Arbitrary File Upload
Fixed in version 2.0.22
2018-07-03
Ultimate Member < 2.0.18 - Authenticated Cross-Site Scripting (XSS)
Fixed in version 2.0.18
2018-05-10
Ultimate Member < 2.0.4 - Multiple Issues
Fixed in version 2.0.4
2018-04-23
Ultimate Member < 2.0.7 - Multiple Cross-Site Request Forgery Issues
Fixed in version 2.0.7
2018-02-14
Ultimate Member <= 2.0 - Multiple XSS
Fixed in version 2.0.4
2016-12-06
Ultimate Member < 1.3.76 - Unauthenticated Change Passwords
Fixed in version 1.3.76
2016-07-10
Ultimate Member < 1.3.65 - Local File Inclusion
Fixed in version 1.3.65
2016-04-06
Ultimate Member < 1.3.40 - Cross-Site Scripting (XSS)
Fixed in version 1.3.40
2015-12-02
Ultimate Member < 1.3.29 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Fixed in version 1.3.29
2015-08-20
Ultimate Member < 1.3.18 - Cross-Site Scripting (XSS)
Fixed in version 1.3.18
2015-06-18
Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)
Fixed in version 1.2.995
2015-03-16
Ultimate Member <= 1.0.78 - Multiple Vulnerabilities
Fixed in version 1.0.84