{"id":"CVE-2018-13136","details":"The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.","modified":"2026-04-10T04:05:12.450223Z","published":"2018-07-04T08:29:00.290Z","references":[{"type":"WEB","url":"https://wpvulndb.com/vulnerabilities/9708"},{"type":"ADVISORY","url":"https://github.com/ultimatemember/ultimatemember/releases/tag/2.0.18"},{"type":"ADVISORY","url":"https://github.com/ultimatemember/ultimatemember/issues/456"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ultimatemember/ultimatemember","events":[{"introduced":"0"},{"fixed":"6a9557f52ee6c2a8a16471fb6ccd1ba54298cbaa"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.18"}]}}],"versions":["1.3.48","1.3.59","1.3.88","1.3.88.4","1.3.88.5","1.3.88.6","2.0.10","2.0.11","2.0.16","2.0.17","2.0.4","2.0.5","2.0.9","pre-v1.3.50","pre-v1.3.69.16","pre-v1.3.69.17","pre-v1.3.69.18","pre-v1.3.69.19","pre-v1.3.69.20","pre-v1.3.69.21","pre-v1.3.69.22","pre-v1.3.69.23","pre-v1.3.69.24","pre-v1.3.69.25","v1.3.29","v1.3.30","v1.3.32","v1.3.35","v1.3.36","v1.3.37","v1.3.38","v1.3.39","v1.3.40","v1.3.41","v1.3.42","v1.3.43","v1.3.44","v1.3.45","v1.3.47","v1.3.49","v1.3.51","v1.3.52","v1.3.53","v1.3.54","v1.3.55","v1.3.56","v1.3.60","v1.3.61","v1.3.62","v1.3.63","v1.3.64","v1.3.65","v1.3.66","v1.3.67","v1.3.68","v1.3.69","v1.3.71","v1.3.72","v1.3.73","v1.3.74","v1.3.75","v1.3.76","v1.3.78","v1.3.79","v1.3.81","v1.3.82","v1.3.83","v1.3.84","v1.3.88.1","v1.3.88.2","v1.3.88.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13136.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}