Ultimate member

This hub aggregates every CVE we track for Ultimate member, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ultimate member.

• CVE-2025-47691WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability5.5May 7, 2025
• CVE-2024-12276Ultimate Member <= 2.9.2 - Authenticated SQL Injection5.3Feb 21, 2025
• CVE-2025-0308Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection7.5Jan 18, 2025
• CVE-2025-0318Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure5.3Jan 18, 2025
• CVE-2024-10528Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update4.3Nov 21, 2024
• CVE-2024-8519Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Oct 4, 2024
• CVE-2024-8520Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change5.3Oct 4, 2024
• CVE-2024-2765Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting5.4May 2, 2024
• CVE-2024-1071The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter ...9.8Mar 13, 2024
• CVE-2024-2123Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting7.2Mar 13, 2024
• CVE-2023-31216WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)4.3Jul 17, 2023
• CVE-2023-3460Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation9.8Jul 4, 2023
• CVE-2022-3383Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select7.2Nov 29, 2022
• CVE-2022-3384Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options7.2Nov 29, 2022
• CVE-2022-3361Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes4.3Nov 29, 2022