cleantalk
Vulnerabilities and Security Researches

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2025-47691

CVE, Research URL

CVE-2025-47691

Home page URL

Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Application

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Published on
May 07, 2025
Research Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <= 2.10.3.
Affected versions
max 2.10.4.
Status
vulnerable
Previous vulnerability researches
WordPress Mobile Themes (CVE-2025-28881) , Mar 13, 2025
New vulnerability
EventonAI (CVE-2023-33999) , Jun 14, 2026
WP EasyPay &#8211; Square for WordPress (CVE-2023-33999) , Jun 14, 2026
Advanced Accordion Gutenberg Block (CVE-2023-33999) , Jun 14, 2026
Glossary (CVE-2023-33999) , Jun 14, 2026
Product Price History for WooCommerce (CVE-2023-33999) , Jun 14, 2026