Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2018-0590 (GCVE-0-2018-0590)

Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Fails to restrict access

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:07:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0590",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0590",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0589 (GCVE-0-2018-0589)

Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Fails to restrict access

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:06:58.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0589",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0588 (GCVE-0-2018-0588)

Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Directory traversal

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:07:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0588",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0587 (GCVE-0-2018-0587)

Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Unrestricted file upload vulnerability

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted file upload vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:06:59.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0587",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0586 (GCVE-0-2018-0586)

Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Directory traversal

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:06:58.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0586",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0586",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10234 (GCVE-0-2018-10234)

Vulnerability from nvd – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32

Summary

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/RiieCco/write-ups/tree/master/…	x_refsource_MISC
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_MISC

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-23T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234",
              "refsource": "MISC",
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10234",
    "datePublished": "2018-04-23T14:00:00.000Z",
    "dateReserved": "2018-04-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:32:01.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10233 (GCVE-0-2018-10233)

Vulnerability from nvd – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32

Summary

The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/RiieCco/write-ups/tree/master/…	x_refsource_MISC
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9611	x_refsource_MISC

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9611"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-06T04:06:05.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9611"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233",
              "refsource": "MISC",
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9611",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9611"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10233",
    "datePublished": "2018-04-23T14:00:00.000Z",
    "dateReserved": "2018-04-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:32:01.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0588 (GCVE-0-2018-0588)

Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Directory traversal

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:07:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0588",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0587 (GCVE-0-2018-0587)

Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Unrestricted file upload vulnerability

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted file upload vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:06:59.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0587",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0586 (GCVE-0-2018-0586)

Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Directory traversal

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:06:58.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0586",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0586",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0590 (GCVE-0-2018-0590)

Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Fails to restrict access

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:07:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0590",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0590",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0589 (GCVE-0-2018-0589)

Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Fails to restrict access

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN28804532/index.html	third-party-advisoryx_refsource_JVN
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_CONFIRM
	https://wpvulndb.com/vulnerabilities/9608	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ultimate Member	Ultimate Member	Affected: prior to version 2.0.4

Date Public ?

2018-04-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28804532",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ultimate Member",
          "vendor": "Ultimate Member",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T21:06:58.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#28804532",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ultimate Member",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ultimate Member"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28804532",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9608",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0589",
    "datePublished": "2018-05-14T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10233 (GCVE-0-2018-10233)

Vulnerability from cvelistv5 – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32

Summary

The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/RiieCco/write-ups/tree/master/…	x_refsource_MISC
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9611	x_refsource_MISC

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9611"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-06T04:06:05.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9611"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233",
              "refsource": "MISC",
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9611",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9611"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10233",
    "datePublished": "2018-04-23T14:00:00.000Z",
    "dateReserved": "2018-04-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:32:01.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10234 (GCVE-0-2018-10234)

Vulnerability from cvelistv5 – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32

Summary

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/RiieCco/write-ups/tree/master/…	x_refsource_MISC
	https://wordpress.org/plugins/ultimate-member/#de…	x_refsource_MISC

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/ultimate-member/#developers"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-23T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/ultimate-member/#developers"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234",
              "refsource": "MISC",
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
            },
            {
              "name": "https://wordpress.org/plugins/ultimate-member/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10234",
    "datePublished": "2018-04-23T14:00:00.000Z",
    "dateReserved": "2018-04-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:32:01.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

14 vulnerabilities found for user_profile_\&_membership by ultimatemember

CVE-2018-0590 (GCVE-0-2018-0590)

CVE-2018-0589 (GCVE-0-2018-0589)

CVE-2018-0588 (GCVE-0-2018-0588)

CVE-2018-0587 (GCVE-0-2018-0587)

CVE-2018-0586 (GCVE-0-2018-0586)

CVE-2018-10234 (GCVE-0-2018-10234)

CVE-2018-10233 (GCVE-0-2018-10233)

CVE-2018-0588 (GCVE-0-2018-0588)

CVE-2018-0587 (GCVE-0-2018-0587)

CVE-2018-0586 (GCVE-0-2018-0586)

CVE-2018-0590 (GCVE-0-2018-0590)

CVE-2018-0589 (GCVE-0-2018-0589)

CVE-2018-10233 (GCVE-0-2018-10233)

CVE-2018-10234 (GCVE-0-2018-10234)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.