Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ultimatemember — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting ultimatemember. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ultimatemember is a widely deployed WordPress plugin designed to facilitate user registration, profile management, and membership functionality. With twenty-seven recorded Common Vulnerabilities and Exposures, the software has historically exhibited significant security weaknesses, primarily involving SQL injection, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper capability checks, allowing attackers to manipulate database queries or execute arbitrary code. Notably, several incidents have highlighted the risk of unauthorized access to sensitive user data and administrative functions due to flawed authentication mechanisms. The high volume of CVEs suggests persistent challenges in maintaining secure code practices within the plugin’s architecture. Organizations relying on this tool must prioritize regular updates and rigorous security audits to mitigate the substantial risks associated with its extensive attack surface and historical vulnerability profile.

Found 4 results / 27Clear Filters
Top products by ultimatemember: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ForumWP – Forum & Discussion Board JobBoardWP – Job Board Listings and Submissions
CVE IDTitleCVSSSeverityPublished
CVE-2025-13746 ForumWP – Forum & Discussion Board <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name — ForumWP – Forum & Discussion BoardCWE-79 6.4 Medium2026-01-06
CVE-2024-11204 ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter — ForumWP – Forum & Discussion BoardCWE-79 6.1 Medium2024-12-06
CVE-2024-10879 ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting — ForumWP – Forum & Discussion BoardCWE-79 6.1 Medium2024-12-06
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover — ForumWP – Forum & Discussion BoardCWE-639 8.8 High2024-09-06

This page lists every published CVE security advisory associated with ultimatemember. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.