Vulnerabilities and security research for ultimate-member
Jun 07, 2024
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2020-36170
- Date: Jan 06, 2021
- Research Description: The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
- Affected versions: max 2.1.13.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2020-36155
- Date: Jan 04, 2021
- Research Description: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access.
- Affected versions: max 2.1.12.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2019-14946
- Date: Aug 12, 2019
- Research Description: The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
- Affected versions: max 2.0.52.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2015-9304
- Date: Aug 12, 2019
- Research Description: The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
- Affected versions: max 1.3.18.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2021-24306
- Date: May 24, 2021
- Research Description: The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit the user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the related logged-in user open a malicious link.
- Affected versions: max 2.1.20.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2020-36157
- Date: Jan 04, 2021
- Research Description: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges.
- Affected versions: max 2.1.12.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2020-36156
- Date: Jan 04, 2021
- Research Description: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
- Affected versions: max 2.1.12.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2016-10872
- Date: Aug 12, 2019
- Research Description: The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
- Affected versions: max 1.3.40.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2019-14945
- Date: Aug 12, 2019
- Research Description: The ultimate-member plugin before 2.0.54 for WordPress has XSS.
- Affected versions: max 2.0.54.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2020-6859
- Date: Jan 13, 2020
- Research Description: Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
- Affected versions: max 2.1.3.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-13136
- Date: Jul 04, 2018
- Research Description: The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
- Affected versions: max 2.0.18.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2019-14947
- Date: Aug 12, 2019
- Research Description: The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.
- Affected versions: max 2.0.52.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-20965
- Date: Aug 12, 2019
- Research Description: The ultimate-member plugin before 2.0.4 for WordPress has XSS.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2019-10270
- Date: Jun 21, 2019
- Research Description: An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to intercept the password modification request and modify user_id. It is possible to modify the password of any Ultimate Member user or WordPress admin. This could lead to account compromise and privilege escalation.
- Affected versions: max 2.0.40.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2019-10673
- Date: Apr 03, 2019
- Research Description: A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form.
- Affected versions: max 2.0.40.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-0587
- Date: May 14, 2018
- Research Description: Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-17866
- Date: Oct 10, 2018
- Research Description: Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
- Affected versions: max 2.0.28.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-0589
- Date: May 14, 2018
- Research Description: Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-0588
- Date: May 14, 2018
- Research Description: Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
- Affected versions: max 2.0.40.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-0586
- Date: May 14, 2018
- Research Description: Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-10234
- Date: Apr 23, 2018
- Research Description: Authenticated Cross-site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
- Affected versions: max 2.0.11.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2019-10271
- Date: Jun 25, 2019
- Research Description: An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.
- Affected versions: max 2.0.40.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-0590
- Date: May 14, 2018
- Research Description: Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify other users' profiles via unspecified vectors.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-0585
- Date: May 14, 2018
- Research Description: Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-10233
- Date: Apr 23, 2018
- Research Description: The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross-site request forgery attacks. This is a structural finding throughout the entire plugin.
- Affected versions: max 2.0.7.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-6943
- Date: Feb 16, 2018
- Research Description: core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2018-6944
- Date: Feb 16, 2018
- Research Description: core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
- Affected versions: max 2.0.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2022-1209
- Date: May 11, 2022
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
- Affected versions: max 1.3.65.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2022-1208
- Date: Jun 13, 2022
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2.
- Affected versions: Min 1.2.98, max 1.0.84.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2015-8354
- Date: Sep 12, 2017
- Research Description: Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
- Affected versions: max 1.3.29.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2022-3383
- Date: Nov 30, 2022
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.
- Affected versions: max 2.5.1.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2022-3384
- Date: Nov 30, 2022
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(), since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.
- Affected versions: max 2.5.1.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2022-3361
- Date: Nov 30, 2022
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.
- Affected versions: max 2.5.1.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2022-2445
- Date: Apr 14, 2023
- Research Description: Rejected reason: Incorrectly assigned CVE. Not a valid issue.
- Affected versions: max 1.0.84.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2023-31216
- Date: Jul 17, 2023
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
- Affected versions: max 2.6.7.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2023-3460
- Date: Jul 04, 2023
- Research Description: The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
- Affected versions: max 2.6.9.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-2123
- Date: Mar 13, 2024
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 2.8.4.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-1071
- Date: Mar 13, 2024
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions: max 2.8.3.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-2765
- Date: May 02, 2024
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 2.8.5.
- Status: vulnerable
Oct 04, 2024
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-8520
- Date: Oct 04, 2024
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user's membership status via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions: max 2.8.7.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-8519
- Date: Oct 04, 2024
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 2.8.7.
- Status: vulnerable
Nov 22, 2024
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-10528
- Date: Nov 21, 2024
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the profile pictures of other users.
- Affected versions: max 2.9.0.
- Status: vulnerable
Jan 18, 2025
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-0308
- Date: Jan 18, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions: max 2.9.2.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-0318
- Date: Jan 18, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from the wp_usermeta table.
- Affected versions: max 2.9.2.
- Status: vulnerable
Feb 22, 2025
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2024-12276
- Date: Feb 21, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit.
- Affected versions: max 2.10.0.
- Status: vulnerable
Mar 05, 2025
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-1702
- Date: Mar 05, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions: max 2.10.2.
- Status: vulnerable
Jan 28, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-13217
- Date: Dec 18, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping on user-supplied YouTube video URLs in the `um_profile_field_filter_hook__youtube_video()` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses the injected user's profile page.
- Affected versions: max 2.11.1.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-14081
- Date: Dec 18, 2025
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to "Only me") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role.
- Affected versions: max 2.11.1.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-13220
- Date: Dec 21, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 2.11.1.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-12492
- Date: Dec 20, 2025
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
- Affected versions: max 2.11.1.
- Status: vulnerable
Apr 13, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2025-15064
- Date: Apr 04, 2026
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability is only exploitable when "HTML support for user description" is enabled in Ultimate Member settings.
- Affected versions: max 2.11.2.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2026-4248
- Date: Mar 28, 2026
- Research Description: The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authenticated attackers, with Contributor-level access and above, to craft a malicious pending post that, when previewed by an Administrator, generates a password reset token for the Administrator and exfiltrates it to an attacker-controlled server, leading to full account takeover.
- Affected versions: max 2.11.3.
- Status: vulnerable
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2026-39659
- Date: Apr 08, 2026
- Research Description: Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through <= 2.11.3.
- Affected versions: max 2.11.3.
- Status: vulnerable
Apr 14, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin # CVE-2026-1404
- Date: Feb 18, 2026
- Research Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters (e.g., 'filter_first_name') in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions: max 2.11.2.
- Status: vulnerable