Search criteria
58 vulnerabilities by ultimatemember
CVE-2025-13220 (GCVE-0-2025-13220)
Vulnerability from cvelistv5 – Published: 2025-12-21 03:20 – Updated: 2025-12-22 15:50
VLAI?
Title
Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.11.0
(semver)
|
Credits
Muhammad Yudha - DJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T15:50:17.755759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T15:50:43.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-21T03:20:06.248Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c06548-238d-4b75-8f20-d7de6fc21539?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L67"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L525"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L558"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L591"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L625"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L542"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3421362%40ultimate-member\u0026new=3421362%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T08:28:04.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-20T14:20:39.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13220",
"datePublished": "2025-12-21T03:20:06.248Z",
"dateReserved": "2025-11-14T20:41:25.932Z",
"dateUpdated": "2025-12-22T15:50:43.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12492 (GCVE-0-2025-12492)
Vulnerability from cvelistv5 – Published: 2025-12-20 08:22 – Updated: 2025-12-22 16:16
VLAI?
Title
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.11.0
(semver)
|
Credits
Athiwat Tiprasaharn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:16:28.028623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:16:36.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T08:22:10.037Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61337d2d-d15a-45f2-b730-fc034eb3cd31?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/templates/members.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-ajax-common.php#L61"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L2795"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L205"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/class-functions.php#L41"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3421362%40ultimate-member%2Ftrunk\u0026old=3408617%40ultimate-member%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T08:28:04.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-19T19:56:17.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin \u003c= 2.11.0 - Unauthenticated Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12492",
"datePublished": "2025-12-20T08:22:10.037Z",
"dateReserved": "2025-10-29T20:02:17.937Z",
"dateUpdated": "2025-12-22T16:16:36.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14081 (GCVE-0-2025-14081)
Vulnerability from cvelistv5 – Published: 2025-12-17 18:21 – Updated: 2025-12-17 19:29
VLAI?
Title
Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass
Summary
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to "Only me") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.11.0
(semver)
|
Credits
Boris Bogosavac
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:51:48.415456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:00.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Boris Bogosavac"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to \"Only me\") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:21:35.858Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aad57a68-c385-491f-a5a2-32906df4b52b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/um-actions-account.php#L322"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-account.php#L610"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3421362/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-05T01:28:04.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14081",
"datePublished": "2025-12-17T18:21:35.858Z",
"dateReserved": "2025-12-05T01:12:20.672Z",
"dateUpdated": "2025-12-17T19:29:00.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13217 (GCVE-0-2025-13217)
Vulnerability from cvelistv5 – Published: 2025-12-17 18:21 – Updated: 2025-12-17 19:29
VLAI?
Title
Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping on user-supplied YouTube video URLs in the `um_profile_field_filter_hook__youtube_video()` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses the injected user's profile page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.11.0
(semver)
|
Credits
Kevin Wydler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:52:09.363871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:16.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Wydler"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video \u0027value\u0027 field in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping on user-supplied YouTube video URLs in the `um_profile_field_filter_hook__youtube_video()` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses the injected user\u0027s profile page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:21:34.878Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/876b57e0-cf1e-4ce9-ba85-a5d4554797bd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/core/um-filters-fields.php#L80"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3421362/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T08:28:04.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via \u0027value\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13217",
"datePublished": "2025-12-17T18:21:34.878Z",
"dateReserved": "2025-11-14T20:12:30.355Z",
"dateUpdated": "2025-12-17T19:29:16.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1702 (GCVE-0-2025-1702)
Vulnerability from cvelistv5 – Published: 2025-03-05 11:22 – Updated: 2025-03-05 14:18
VLAI?
Title
Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.10.0
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T14:18:16.631384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T14:18:59.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.10.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the \u0027search\u0027 parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T11:22:09.425Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34adbae5-d615-4f8d-a845-6741d897f06c?source=cve"
},
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/core/class-member-directory.php#L1775"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/core/class-member-directory.php#L1863"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/pull/1654/commits/74647d42cc8d63f5d4f687efcd0792c246c23039"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3249862/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T21:53:45.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.10.0 - Unauthenticated SQL Injection via search Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1702",
"datePublished": "2025-03-05T11:22:09.425Z",
"dateReserved": "2025-02-25T20:51:45.704Z",
"dateUpdated": "2025-03-05T14:18:59.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12276 (GCVE-0-2024-12276)
Vulnerability from cvelistv5 – Published: 2025-02-21 09:21 – Updated: 2025-02-21 15:13
VLAI?
Title
Ultimate Member <= 2.9.2 - Authenticated SQL Injection
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit.
Severity ?
5.3 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.9.2
(semver)
|
Credits
Kevin Wydler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T15:13:37.993069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T15:13:51.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.9.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Wydler"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T09:21:05.646Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3242743/ultimate-member/tags/2.10.0/includes/core/class-uploader.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-20T21:16:05.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.9.2 - Authenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12276",
"datePublished": "2025-02-21T09:21:05.646Z",
"dateReserved": "2024-12-05T18:52:05.083Z",
"dateUpdated": "2025-02-21T15:13:51.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0308 (GCVE-0-2025-0308)
Vulnerability from cvelistv5 – Published: 2025-01-18 05:33 – Updated: 2025-01-21 21:40
VLAI?
Title
Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.9.1
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:40:33.837038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:40:55.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.9.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-18T05:33:50.432Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e5bb98-2652-499a-b8cd-4ebfe1c1d890?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.9.1/includes/core/class-member-directory.php#L1877"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-01-17T16:40:14.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.9.1 - Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0308",
"datePublished": "2025-01-18T05:33:50.432Z",
"dateReserved": "2025-01-07T13:22:14.239Z",
"dateUpdated": "2025-01-21T21:40:55.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0318 (GCVE-0-2025-0318)
Vulnerability from cvelistv5 – Published: 2025-01-18 05:33 – Updated: 2025-01-22 14:19
VLAI?
Title
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.9.1
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:19:38.370626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:19:41.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.9.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-18T05:33:49.324Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.9.1/includes/core/um-actions-form.php#L944"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-04T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-01-17T16:40:14.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin \u003c= 2.9.1 - Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0318",
"datePublished": "2025-01-18T05:33:49.324Z",
"dateReserved": "2025-01-07T22:50:30.349Z",
"dateUpdated": "2025-01-22T14:19:41.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54367 (GCVE-0-2024-54367)
Vulnerability from cvelistv5 – Published: 2024-12-16 14:31 – Updated: 2024-12-16 16:36
VLAI?
Title
WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability
Summary
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T15:57:06.558191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:36:34.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "forumwp",
"product": "ForumWP",
"vendor": "ForumWP",
"versions": [
{
"changes": [
{
"at": "2.1.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.\u003c/p\u003e\u003cp\u003eThis issue affects ForumWP: from n/a through 2.1.0.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T14:31:33.825Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/forumwp/vulnerability/wordpress-forumwp-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ForumWP plugin to the latest available version (at least 2.1.1)."
}
],
"value": "Update the WordPress ForumWP plugin to the latest available version (at least 2.1.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ForumWP plugin \u003c= 2.1.0 - PHP Object Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54367",
"datePublished": "2024-12-16T14:31:33.825Z",
"dateReserved": "2024-12-02T12:05:34.988Z",
"dateUpdated": "2024-12-16T16:36:34.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23715 (GCVE-0-2023-23715)
Vulnerability from cvelistv5 – Published: 2024-12-09 11:31 – Updated: 2024-12-09 18:40
VLAI?
Title
WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability
Summary
Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.
Severity ?
5.2 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JobBoardWP | JobBoardWP – Job Board Listings and Submissions |
Affected:
n/a , ≤ 1.2.2
(custom)
|
Credits
Fariq Fadillah Gusti Insani (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T13:28:34.379630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T18:40:20.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "jobboardwp",
"product": "JobBoardWP \u2013 Job Board Listings and Submissions",
"vendor": "JobBoardWP",
"versions": [
{
"changes": [
{
"at": "1.2.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Fariq Fadillah Gusti Insani (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in JobBoardWP JobBoardWP \u2013 Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects JobBoardWP \u2013 Job Board Listings and Submissions: from n/a through 1.2.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in JobBoardWP JobBoardWP \u2013 Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP \u2013 Job Board Listings and Submissions: from n/a through 1.2.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T11:31:54.341Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/jobboardwp/vulnerability/wordpress-jobboardwp-job-board-listings-and-submissions-plugin-1-2-2-idor-leading-to-job-removal-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress JobBoardWP \u2013 Job Board Listings and Submissions plugin to the latest available version (at least 1.2.3)."
}
],
"value": "Update the WordPress JobBoardWP \u2013 Job Board Listings and Submissions plugin to the latest available version (at least 1.2.3)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JobBoardWP \u2013 Job Board Listings and Submissions plugin \u003c= 1.2.2 - IDOR Leading To Job Removal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-23715",
"datePublished": "2024-12-09T11:31:54.341Z",
"dateReserved": "2023-01-17T15:49:20.262Z",
"dateUpdated": "2024-12-09T18:40:20.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11204 (GCVE-0-2024-11204)
Vulnerability from cvelistv5 – Published: 2024-12-06 08:24 – Updated: 2024-12-06 14:18
VLAI?
Title
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board |
Affected:
* , ≤ 2.1.2
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T14:08:22.120998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T14:18:25.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T08:24:57.746Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.1/includes/admin/class-columns.php#L313"
},
{
"url": "https://wordpress.org/plugins/forumwp/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T19:44:17.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board \u003c= 2.1.2 - Reflected Cross-Site Scripting via url Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11204",
"datePublished": "2024-12-06T08:24:57.746Z",
"dateReserved": "2024-11-14T00:35:11.306Z",
"dateUpdated": "2024-12-06T14:18:25.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10879 (GCVE-0-2024-10879)
Vulnerability from cvelistv5 – Published: 2024-12-06 08:24 – Updated: 2024-12-06 14:18
VLAI?
Title
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board |
Affected:
* , ≤ 2.1.2
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T14:09:22.477381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T14:18:27.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg \u0026 remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T08:24:49.569Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L156"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L178"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T19:50:45.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board \u003c= 2.1.2 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10879",
"datePublished": "2024-12-06T08:24:49.569Z",
"dateReserved": "2024-11-05T16:36:36.081Z",
"dateUpdated": "2024-12-06T14:18:27.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10880 (GCVE-0-2024-10880)
Vulnerability from cvelistv5 – Published: 2024-11-23 04:32 – Updated: 2024-11-23 13:18
VLAI?
Title
JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting
Summary
The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | JobBoardWP – Job Board Listings and Submissions |
Affected:
* , ≤ 1.3.0
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T13:15:10.890192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:18:23.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JobBoardWP \u2013 Job Board Listings and Submissions",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "1.3.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JobBoardWP \u2013 Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg \u0026 remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T04:32:18.851Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07b48c64-aa54-4b9b-b1ee-c0f065e2aaa4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jobboardwp/tags/1.2.8/includes/admin/class-emails-list-table.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jobboardwp/tags/1.2.8/includes/admin/class-emails-list-table.php#L192"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3194143%40jobboardwp\u0026new=3194143%40jobboardwp\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-22T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "JobBoardWP \u2013 Job Board Listings and Submissions \u003c= 1.3.0 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10880",
"datePublished": "2024-11-23T04:32:18.851Z",
"dateReserved": "2024-11-05T16:40:17.251Z",
"dateUpdated": "2024-11-23T13:18:23.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10528 (GCVE-0-2024-10528)
Vulnerability from cvelistv5 – Published: 2024-11-21 05:33 – Updated: 2024-11-21 11:40
VLAI?
Title
Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the profile pictures of other users.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.8.9
(semver)
|
Credits
Kevin Wydler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T11:34:42.505232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T11:40:11.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Wydler"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the profile pictures of other users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T05:33:48.663Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a9793b6-2186-46ef-b204-d8f8f154ebf3?source=cve"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/ab05bc570a8ba6449cd470791be1c0670eb9c203/includes/core/class-files.php#L332"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/ab05bc570a8ba6449cd470791be1c0670eb9c203/includes/core/class-files.php#L371"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3186722%40ultimate-member\u0026new=3186722%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10528",
"datePublished": "2024-11-21T05:33:48.663Z",
"dateReserved": "2024-10-30T10:55:39.116Z",
"dateUpdated": "2024-11-21T11:40:11.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8519 (GCVE-0-2024-8519)
Vulnerability from cvelistv5 – Published: 2024-10-04 02:32 – Updated: 2024-10-04 14:00
VLAI?
Title
Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.8.6
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T14:00:39.447522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T14:00:48.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027um_loggedin\u0027 shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T02:32:23.121Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e394bb2-d505-4bf1-b672-fea3504bf936?source=cve"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/core/class-shortcodes.php#L433"
},
{
"url": "https://wordpress.org/plugins/ultimate-member/"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/pull/1545"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3160947/ultimate-member/tags/2.8.7/includes/core/class-shortcodes.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-03T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-8519",
"datePublished": "2024-10-04T02:32:23.121Z",
"dateReserved": "2024-09-06T14:46:37.596Z",
"dateUpdated": "2024-10-04T14:00:48.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8520 (GCVE-0-2024-8520)
Vulnerability from cvelistv5 – Published: 2024-10-04 02:32 – Updated: 2024-10-04 14:03
VLAI?
Title
Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a users membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
5.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.8.6
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "ultimate_member",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T14:01:41.712187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T14:03:08.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a users membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T02:32:22.432Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffddc03-d4ae-460e-972a-98804d947d09?source=cve"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1948C1-L1959C6"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L70C4-L70C84"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1880"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/core/class-admin-users.php#L41C4-L41C90"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/core/class-admin-users.php#L146C1-L173C12"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1945"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/core/class-admin-users.php#L175C1-L178C7"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/pull/1549"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3160947/ultimate-member/trunk/includes/admin/class-admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-03T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Ultimate Member \u003c= 2.8.6 - Cross-Site Request Forgery to Membership Status Change"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-8520",
"datePublished": "2024-10-04T02:32:22.432Z",
"dateReserved": "2024-09-06T14:54:51.269Z",
"dateUpdated": "2024-10-04T14:03:08.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8428 (GCVE-0-2024-8428)
Vulnerability from cvelistv5 – Published: 2024-09-06 13:55 – Updated: 2024-09-06 14:11
VLAI?
Title
ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Summary
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.
Severity ?
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board Plugin |
Affected:
* , ≤ 2.0.2
(semver)
|
Credits
wesley
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:forumwp:forumwp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forumwp",
"vendor": "forumwp",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:10:28.951912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:11:40.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the \u0027user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T13:55:18.650Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-06T01:21:28.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board Plugin \u003c= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-8428",
"datePublished": "2024-09-06T13:55:18.650Z",
"dateReserved": "2024-09-04T15:06:42.231Z",
"dateUpdated": "2024-09-06T14:11:40.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2765 (GCVE-0-2024-2765)
Vulnerability from cvelistv5 – Published: 2024-05-02 16:52 – Updated: 2024-08-01 19:25
VLAI?
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
5.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.8.4
(semver)
|
Credits
Kevin Wydler
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "ultimate_member",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T20:13:40.693454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:21:52.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/blob/de04d89a49dfb9baf4019ea77b1edfbcd17fd849/includes/core/um-filters-fields.php#L472"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/blob/de04d89a49dfb9baf4019ea77b1edfbcd17fd849/includes/core/um-filters-fields.php#L117"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3067953%40ultimate-member\u0026new=3067953%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/pull/1491/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Wydler"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T16:52:21.806Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=cve"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/de04d89a49dfb9baf4019ea77b1edfbcd17fd849/includes/core/um-filters-fields.php#L472"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/blob/de04d89a49dfb9baf4019ea77b1edfbcd17fd849/includes/core/um-filters-fields.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3067953%40ultimate-member\u0026new=3067953%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://github.com/ultimatemember/ultimatemember/pull/1491/files"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2765",
"datePublished": "2024-05-02T16:52:21.806Z",
"dateReserved": "2024-03-21T15:26:03.320Z",
"dateUpdated": "2024-08-01T19:25:41.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1071 (GCVE-0-2024-1071)
Vulnerability from cvelistv5 – Published: 2024-03-13 15:26 – Updated: 2025-04-15 15:24
VLAI?
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
2.1.3 , ≤ 2.8.2
(semver)
|
Credits
Christiaan Swiers
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ultimatemember:registration:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "registration",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ultimatemember:user_profile:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "user_profile",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ultimatemember:login:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "login",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ultimatemember:memberdirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "memberdirectory",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ultimatemember:contentrestriction:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "contentrestriction",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ultimatemember:membershipplugin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "membershipplugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T18:04:09.899893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:24:14.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/ultimate-member/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.1.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christiaan Swiers"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the \u0027sorting\u0027 parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T15:26:32.070Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858"
},
{
"url": "https://wordpress.org/plugins/ultimate-member/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-23T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1071",
"datePublished": "2024-03-13T15:26:32.070Z",
"dateReserved": "2024-01-30T15:07:04.965Z",
"dateUpdated": "2025-04-15T15:24:14.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2123 (GCVE-0-2024-2123)
Vulnerability from cvelistv5 – Published: 2024-03-13 09:35 – Updated: 2024-08-02 20:26
VLAI?
Summary
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
7.2 (High)
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.8.3
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L44"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L53"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L65"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L39"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L53"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3046611/ultimate-member#file746"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ultimate_member:registration:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "registration",
"vendor": "ultimate_member",
"versions": [
{
"lessThanOrEqual": "2.8.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T20:23:26.339863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T20:26:37.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.8.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T09:35:14.538Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L44"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L53"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L65"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L53"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3046611/ultimate-member#file746"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-08T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2123",
"datePublished": "2024-03-13T09:35:14.538Z",
"dateReserved": "2024-03-01T21:53:06.815Z",
"dateUpdated": "2024-08-02T20:26:37.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31216 (GCVE-0-2023-31216)
Vulnerability from cvelistv5 – Published: 2023-07-17 13:50 – Updated: 2024-09-30 14:39
VLAI?
Title
WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ultimate Member | Ultimate Member |
Affected:
n/a , ≤ 2.6.0
(custom)
|
Credits
Nguyen Xuan Chien (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/ultimate-member/wordpress-ultimate-member-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T14:39:15.374718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T14:39:24.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ultimate-member",
"product": "Ultimate Member",
"vendor": "Ultimate Member",
"versions": [
{
"changes": [
{
"at": "2.6.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nguyen Xuan Chien (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;2.6.0 versions.\u003c/span\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin \u003c=\u00a02.6.0 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T13:50:07.650Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/ultimate-member/wordpress-ultimate-member-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.6.1 or a higher version."
}
],
"value": "Update to\u00a02.6.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Ultimate Member Plugin \u003c= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-31216",
"datePublished": "2023-07-17T13:50:07.650Z",
"dateReserved": "2023-04-25T12:01:56.446Z",
"dateUpdated": "2024-09-30T14:39:24.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3460 (GCVE-0-2023-3460)
Vulnerability from cvelistv5 – Published: 2023-07-04 07:23 – Updated: 2024-11-25 16:47
VLAI?
Title
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
Summary
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Ultimate Member |
Affected:
0 , < 2.6.7
(custom)
|
Credits
Unknown
Marc Montpas
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3460",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:47:09.186881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:47:17.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Ultimate Member",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Unknown"
},
{
"lang": "en",
"type": "finder",
"value": "Marc Montpas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-04T07:23:28.852Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7"
},
{
"url": "https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ultimate Member \u003c 2.6.7 - Unauthenticated Privilege Escalation",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-3460",
"datePublished": "2023-07-04T07:23:28.852Z",
"dateReserved": "2023-06-29T13:45:40.301Z",
"dateUpdated": "2024-11-25T16:47:17.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4061 (GCVE-0-2022-4061)
Vulnerability from cvelistv5 – Published: 2022-12-19 13:41 – Updated: 2025-04-17 13:56
VLAI?
Title
JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
Summary
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | JobBoardWP |
Affected:
0 , < 1.2.2
(custom)
|
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4061",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:55:32.815453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:56:00.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "JobBoardWP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T13:41:42.453Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JobBoardWP \u003c 1.2.2 - Unauthenticated Arbitrary File Upload",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4061",
"datePublished": "2022-12-19T13:41:42.453Z",
"dateReserved": "2022-11-18T18:44:27.247Z",
"dateUpdated": "2025-04-17T13:56:00.263Z",
"requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3383 (GCVE-0-2022-3383)
Vulnerability from cvelistv5 – Published: 2022-11-29 20:40 – Updated: 2025-01-23 20:34
VLAI?
Summary
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, User Registration, Login & Membership Plugin |
Affected:
* , ≤ 2.5.0
(semver)
|
Credits
Ruijie Li
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yuque.com/docs/share/8796eef9-ac4c-4339-96b4-6c21313ecf3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3383%20%26%26%20CVE-2022-3384.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2805393%40ultimate-member\u0026new=2805393%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T20:34:13.839456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T20:34:17.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, User Registration, Login \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruijie Li"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/A:H/I:H/C:H/S:U/UI:N/PR:H/AC:L/AV:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T20:40:09.609Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.yuque.com/docs/share/8796eef9-ac4c-4339-96b4-6c21313ecf3e"
},
{
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3383%20%26%26%20CVE-2022-3384.md"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2805393%40ultimate-member\u0026new=2805393%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3383"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-10-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-3383",
"datePublished": "2022-11-29T20:40:09.609Z",
"dateReserved": "2022-09-30T19:32:01.065Z",
"dateUpdated": "2025-01-23T20:34:17.159Z",
"requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3384 (GCVE-0-2022-3384)
Vulnerability from cvelistv5 – Published: 2022-11-29 20:39 – Updated: 2025-01-31 18:22
VLAI?
Summary
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, User Registration, Login & Membership Plugin |
Affected:
* , ≤ 2.5.0
(semver)
|
Credits
Ruijie Li
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yuque.com/docs/share/8796eef9-ac4c-4339-96b4-6c21313ecf3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3383%20%26%26%20CVE-2022-3384.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2805393%40ultimate-member\u0026new=2805393%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3384"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:21:51.660679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:22:55.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, User Registration, Login \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruijie Li"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/A:H/I:H/C:H/S:U/UI:N/PR:H/AC:L/AV:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T20:39:57.459Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.yuque.com/docs/share/8796eef9-ac4c-4339-96b4-6c21313ecf3e"
},
{
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3383%20%26%26%20CVE-2022-3384.md"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2805393%40ultimate-member\u0026new=2805393%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3384"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-10-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-3384",
"datePublished": "2022-11-29T20:39:57.459Z",
"dateReserved": "2022-09-30T19:33:50.826Z",
"dateUpdated": "2025-01-31T18:22:55.780Z",
"requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3361 (GCVE-0-2022-3361)
Vulnerability from cvelistv5 – Published: 2022-11-29 20:39 – Updated: 2025-01-31 18:24
VLAI?
Summary
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, User Registration, Login & Membership Plugin |
Affected:
* , ≤ 2.5.0
(semver)
|
Credits
Ruijie Li
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yuque.com/docs/share/23f988ad-1402-42f2-b8d2-c7a87a4022bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3361.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3361"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2805393%40ultimate-member\u0026new=2805393%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:23:59.590833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:24:13.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, User Registration, Login \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruijie Li"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the \u0027template\u0027 attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/A:N/I:N/C:L/S:U/UI:N/PR:L/AC:L/AV:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T20:39:43.596Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.yuque.com/docs/share/23f988ad-1402-42f2-b8d2-c7a87a4022bd"
},
{
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3361.md"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3361"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2805393%40ultimate-member\u0026new=2805393%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-26T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-10-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-3361",
"datePublished": "2022-11-29T20:39:43.596Z",
"dateReserved": "2022-09-29T17:20:33.684Z",
"dateUpdated": "2025-01-31T18:24:13.177Z",
"requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3966 (GCVE-0-2022-3966)
Vulnerability from cvelistv5 – Published: 2022-11-13 00:00 – Updated: 2025-04-15 13:15
VLAI?
Title
Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal
Summary
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Path Traversal -> CWE-21 Pathname Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | Ultimate Member Plugin |
Affected:
2.0
Affected: 2.1 Affected: 2.2 Affected: 2.3 Affected: 2.4 Affected: 2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:53.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.213545"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:05:34.441560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:15:38.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ultimate Member Plugin",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal -\u003e CWE-21 Pathname Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-13T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1"
},
{
"url": "https://vuldb.com/?id.213545"
}
],
"title": "Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3966",
"datePublished": "2022-11-13T00:00:00.000Z",
"dateReserved": "2022-11-13T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:15:38.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1208 (GCVE-0-2022-1208)
Vulnerability from cvelistv5 – Published: 2022-06-13 12:43 – Updated: 2024-08-02 23:55
VLAI?
Summary
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.3.2
(semver)
|
Credits
Ruijie Li
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cf6dce-892e-4106-bb37-b7952e5ea5a1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Stored%20Cross-Site%20Scripting.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2735896%40ultimate-member\u0026new=2735896%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruijie Li"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:47.623Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cf6dce-892e-4106-bb37-b7952e5ea5a1?source=cve"
},
{
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Stored%20Cross-Site%20Scripting.md"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2735896%40ultimate-member\u0026new=2735896%40ultimate-member\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1208"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-21T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1208",
"datePublished": "2022-06-13T12:43:38",
"dateReserved": "2022-04-01T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1209 (GCVE-0-2022-1209)
Vulnerability from cvelistv5 – Published: 2022-05-10 19:34 – Updated: 2024-08-02 23:55
VLAI?
Summary
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
Affected:
* , ≤ 2.3.1
(semver)
|
Credits
Ruijie Li
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/issues/989"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ultimatemember/ultimatemember/pull/990"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruijie Li"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:33:01.919Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve"
},
{
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/issues/989"
},
{
"url": "https://github.com/ultimatemember/ultimatemember/pull/990"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-29T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1209",
"datePublished": "2022-05-10T19:34:42",
"dateReserved": "2022-04-01T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39329 (GCVE-0-2021-39329)
Vulnerability from cvelistv5 – Published: 2021-10-19 14:14 – Updated: 2025-02-14 17:53
VLAI?
Title
JobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting
Summary
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JobBoardWP | JobBoardWP |
Affected:
1.0.7 , ≤ 1.0.7
(custom)
|
Credits
Thinkland Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/JobBoardWP%20%E2%80%93%20Job%20Board%20Listings%20and%20Submissions.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T17:53:19.455728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T17:53:28.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JobBoardWP",
"vendor": "JobBoardWP",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "1.0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thinkland Security Team"
}
],
"datePublic": "2021-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T14:14:51.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/JobBoardWP%20%E2%80%93%20Job%20Board%20Listings%20and%20Submissions.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165"
}
],
"solutions": [
{
"lang": "en",
"value": "Uninstall plugin from site."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JobBoardWP \u2013 Job Board Listings and Submissions \u003c= 1.0.7 Authenticated Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-10-15T19:23:00.000Z",
"ID": "CVE-2021-39329",
"STATE": "PUBLIC",
"TITLE": "JobBoardWP \u2013 Job Board Listings and Submissions \u003c= 1.0.7 Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JobBoardWP",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0.7",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "JobBoardWP"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thinkland Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39329",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39329"
},
{
"name": "https://github.com/BigTiger2020/word-press/blob/main/JobBoardWP%20%E2%80%93%20Job%20Board%20Listings%20and%20Submissions.md",
"refsource": "MISC",
"url": "https://github.com/BigTiger2020/word-press/blob/main/JobBoardWP%20%E2%80%93%20Job%20Board%20Listings%20and%20Submissions.md"
},
{
"name": "https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165"
}
]
},
"solution": [
{
"lang": "en",
"value": "Uninstall plugin from site."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-39329",
"datePublished": "2021-10-19T14:14:51.612Z",
"dateReserved": "2021-08-20T00:00:00.000Z",
"dateUpdated": "2025-02-14T17:53:28.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}