CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8520 – Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change
https://notcve.org/view.php?id=CVE-2024-8520
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a users membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1880 https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1945 https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1948C1-L1959C6 https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L70C4-L70C84 https://github.com/ultimatemember/ultimatem • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8519 – Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8519
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/core/class-shortcodes.php#L433 https://github.com/ultimatemember/ultimatemember/pull/1545 https://plugins.trac.wordpress.org/changeset/3160947/ultimate-member/tags/2.8.7/includes/core/class-shortcodes.php https://wordpress.org/plugins/ultimate-member https://www.wordfence.com/threat-intel/vulnerabilities/id/9e394bb2-d505-4bf1-b672-fea3504bf936?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8428 – ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
https://notcve.org/view.php?id=CVE-2024-8428
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account. • https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179 https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2765 – Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2765
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin WordPress es vulnerable a Cross-Site Scripting Almacenado a través de los parámetros de URL de Skype y Spotify en todas las versiones hasta la 2.8.4 incluida. Debido a una insuficiente sanitización de los insumos y a fugas de los productos. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://github.com/ultimatemember/ultimatemember/blob/de04d89a49dfb9baf4019ea77b1edfbcd17fd849/includes/core/um-filters-fields.php#L117 https://github.com/ultimatemember/ultimatemember/blob/de04d89a49dfb9baf4019ea77b1edfbcd17fd849/includes/core/um-filters-fields.php#L472 https://github.com/ultimatemember/ultimatemember/pull/1491/files https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3067953%40ultimate-member&new=3067953%40ultimate-member&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabiliti • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2123 – Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2123
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin para WordPress es vulnerable a Cross-Site Scripting almacenado a través de varios parámetros en todas las versiones hasta la 2.8.3 incluida debido a una entrada insuficiente sanitización y escape de producción. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L44 https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L53 https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L65 https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L39 https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L53 https://plugins.trac.wordpress.org/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •