cleantalk
Vulnerabilities and Security Researches

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2016-10872

CVE, Research URL

CVE-2016-10872

Home page URL

Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Application

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Published on
Aug 12, 2019
Research Description
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
Affected versions
max 1.3.40.
Status
vulnerable
Previous vulnerability researches
Video & Photo Gallery for Ultimate Member (CVE-2025-32121) , Apr 06, 2025
Video & Photo Gallery for Ultimate Member (CVE-2024-12162) , Dec 13, 2024
Video & Photo Gallery for Ultimate Member (CVE-2024-54370) , Dec 18, 2024
Video & Photo Gallery for Ultimate Member (CVE-2025-22672) , Feb 20, 2025
BuddyForms Ultimate Member (CVE-2023-33999) , Jun 13, 2026
New vulnerability
WP Required Taxonomies – Categories and Tags Mandatory (CVE-2023-33999) , Jun 14, 2026
Pods – Custom Content Types and Fields (CVE-2023-33999) , Jun 14, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2022-47150) , Jun 14, 2026
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition (CVE-2023-33999) , Jun 14, 2026
Colibri Page Builder (CVE-2025-11747) , Jun 14, 2026