cleantalk
Vulnerabilities and Security Researches

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2025-47691

CVE, Research URL

CVE-2025-47691

Home page URL

Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Application

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Published on
May 07, 2025
Research Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <= 2.10.3.
Affected versions
max 2.10.4.
Status
vulnerable
Previous vulnerability researches
Video &amp; Photo Gallery for Ultimate Member (CVE-2025-32121) , Apr 06, 2025
Video &amp; Photo Gallery for Ultimate Member (CVE-2024-12162) , Dec 13, 2024
Video &amp; Photo Gallery for Ultimate Member (CVE-2024-54370) , Dec 18, 2024
Video &amp; Photo Gallery for Ultimate Member (CVE-2025-22672) , Feb 20, 2025
BuddyForms Ultimate Member (CVE-2023-33999) , Jun 13, 2026
New vulnerability
Maspik &#8211; Spam Blacklist (CVE-2025-9979) , Jun 14, 2026
WP How to &#8211; WordPress Tutorial Videos (CVE-2023-33999) , Jun 14, 2026
Lightbox &#8211; EverlightBox Gallery (CVE-2023-33999) , Jun 14, 2026
Open User Map (CVE-2023-33999) , Jun 14, 2026
All-in-One Addons for Elementor &#8211; WidgetKit (CVE-2025-8779) , Jun 14, 2026