cleantalk
Vulnerabilities and Security Researches

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2026-39659

CVE, Research URL

CVE-2026-39659

Home page URL

Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Application

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Published on
Apr 08, 2026
Research Description
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through <= 2.11.3.
Affected versions
max 2.11.3.
Status
vulnerable
Previous vulnerability researches
Video &amp; Photo Gallery for Ultimate Member (CVE-2025-32121) , Apr 06, 2025
Video &amp; Photo Gallery for Ultimate Member (CVE-2024-12162) , Dec 13, 2024
Video &amp; Photo Gallery for Ultimate Member (CVE-2024-54370) , Dec 18, 2024
Video &amp; Photo Gallery for Ultimate Member (CVE-2025-22672) , Feb 20, 2025
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2026-2385) , Apr 15, 2026
The Plus Addons for Elementor (CVE-2026-2386) , Apr 15, 2026
Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery (CVE-2026-1036) , Apr 15, 2026
Secure Copy Content Protection and Content Locking (CVE-2026-1320) , Apr 15, 2026
Secure Copy Content Protection and Content Locking (CVE-2026-2367) , Apr 15, 2026