Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for user_profile_\&_membership by ultimatemember

    CVE-2018-0590 (GCVE-0-2018-0590)

    Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.126Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:07:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0590",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0590",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0589 (GCVE-0-2018-0589)

    Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:06:58.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0589",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0589",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0588 (GCVE-0-2018-0588)

    Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:07:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0588",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0588",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0587 (GCVE-0-2018-0587)

    Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Unrestricted file upload vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unrestricted file upload vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:06:59.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unrestricted file upload vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0587",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0586 (GCVE-0-2018-0586)

    Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:06:58.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0586",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10234 (GCVE-0-2018-10234)

    Vulnerability from nvd – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32
    VLAI
    Summary
    Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:32:01.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-23T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234",
                  "refsource": "MISC",
                  "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10234",
        "datePublished": "2018-04-23T14:00:00.000Z",
        "dateReserved": "2018-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:32:01.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10233 (GCVE-0-2018-10233)

    Vulnerability from nvd – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32
    VLAI
    Summary
    The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:32:01.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9611"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-06T04:06:05.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9611"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233",
                  "refsource": "MISC",
                  "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9611",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9611"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10233",
        "datePublished": "2018-04-23T14:00:00.000Z",
        "dateReserved": "2018-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:32:01.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0587 (GCVE-0-2018-0587)

    Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Unrestricted file upload vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unrestricted file upload vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:06:59.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unrestricted file upload vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0587",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0589 (GCVE-0-2018-0589)

    Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:06:58.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0589",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the \u0027Forms\u0027 page via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0589",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0588 (GCVE-0-2018-0588)

    Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:07:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0588",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0588",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0586 (GCVE-0-2018-0586)

    Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:06:58.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0586",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0590 (GCVE-0-2018-0590)

    Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ultimate Member Ultimate Member Affected: prior to version 2.0.4
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.126Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#28804532",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ultimate Member",
              "vendor": "Ultimate Member",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T21:07:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#28804532",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0590",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ultimate Member",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ultimate Member"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#28804532",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN28804532/index.html"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9608",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0590",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10234 (GCVE-0-2018-10234)

    Vulnerability from cvelistv5 – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32
    VLAI
    Summary
    Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:32:01.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-23T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated Cross site Scripting exists in the User Profile \u0026 Membership plugin before 2.0.11 for WordPress via the \"Account Deletion Custom Text\" input field on the wp-admin/admin.php?page=um_options\u0026section=account page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234",
                  "refsource": "MISC",
                  "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10234"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10234",
        "datePublished": "2018-04-23T14:00:00.000Z",
        "dateReserved": "2018-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:32:01.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10233 (GCVE-0-2018-10233)

    Vulnerability from cvelistv5 – Published: 2018-04-23 14:00 – Updated: 2024-08-05 07:32
    VLAI
    Summary
    The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:32:01.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ultimate-member/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9611"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-06T04:06:05.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/ultimate-member/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9611"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The User Profile \u0026 Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233",
                  "refsource": "MISC",
                  "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233"
                },
                {
                  "name": "https://wordpress.org/plugins/ultimate-member/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/ultimate-member/#developers"
                },
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9611",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9611"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10233",
        "datePublished": "2018-04-23T14:00:00.000Z",
        "dateReserved": "2018-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:32:01.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }