ultimatemember
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting ultimatemember.
- CVE-2025-15064Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets6.4
- CVE-2026-4248Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag8.0
- CVE-2026-1404Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters6.1
- CVE-2025-13746ForumWP – Forum & Discussion Board <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name6.4
- CVE-2025-13220Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes6.4
- CVE-2025-12492Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure5.3
- CVE-2025-14081Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass4.3
- CVE-2025-13217Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'6.4
- CVE-2025-1702Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter7.5
- CVE-2024-12276Ultimate Member <= 2.9.2 - Authenticated SQL Injection5.3
- CVE-2025-0308Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection7.5
- CVE-2025-0318Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure5.3
- CVE-2024-54367WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability9.8
- CVE-2023-23715WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability5.2
- CVE-2024-11204ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter6.1