Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Ultimate Member — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting Ultimate Member. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ultimate Member is a WordPress plugin for user profile and membership management. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), privilege escalation, and authentication bypass. With 11 CVEs recorded, the plugin has faced recurring flaws in input validation, access controls, and file handling. Notable incidents include multiple XSS vulnerabilities allowing attacker-controlled script execution in user profiles and RCE issues through improper file processing. The plugin's extensive permissions and user interaction features have consistently created attack surfaces, with many vulnerabilities stemming from insufficient sanitization of user-supplied data and inadequate privilege checks.

Top products by Ultimate Member: Ultimate Member ForumWP Ultimate Member – User Profile, User Registration, Login & Membership Plugin
CVE IDTitleCVSSSeverityPublished
CVE-2025-67474 WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability — ForumWPCWE-862 4.3 Medium2025-12-09
CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability — Ultimate MemberCWE-94 5.5 Medium2025-05-07
CVE-2024-54367 WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability — ForumWPCWE-502 9.8 Critical2024-12-16
CVE-2023-31216 WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) — Ultimate MemberCWE-352 4.3 Medium2023-07-17
CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS) — Ultimate Member – User Profile, User Registration, Login & Membership PluginCWE-79 5.4 -2021-05-24
CVE-2018-0585 WordPress Ultimate Member插件跨站脚本漏洞 — Ultimate Member 5.4 -2018-05-14
CVE-2018-0586 WordPress Ultimate Member插件路径遍历漏洞 — Ultimate Member 4.3 -2018-05-14
CVE-2018-0587 WordPress Ultimate Member插件安全漏洞 — Ultimate Member 4.3 -2018-05-14
CVE-2018-0588 WordPress Ultimate Member插件路径遍历漏洞 — Ultimate Member 5.3 -2018-05-14
CVE-2018-0589 WordPress Ultimate Member插件安全漏洞 — Ultimate Member 4.3 -2018-05-14
CVE-2018-0590 WordPress Ultimate Member插件安全漏洞 — Ultimate Member 6.5 -2018-05-14

This page lists every published CVE security advisory associated with Ultimate Member. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.