Ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
22 CVEs affecting Ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin. Latest disclosed: 2026-04-04. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1071 | Critical | 9.8 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL In… |
CVE-2026-4248 | High | 8.0 | 2026-03-27 | The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{use… |
CVE-2025-1702 | High | 7.5 | 2025-03-05 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-b… |
CVE-2025-0308 | High | 7.5 | 2025-01-18 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-b… |
CVE-2024-2123 | High | 7.2 | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
CVE-2022-3383 | High | 7.2 | 2022-11-29 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback… |
CVE-2022-3384 | High | 7.2 | 2022-11-29 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options funct… |
CVE-2025-15064 | Medium | 6.4 | 2026-04-04 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
CVE-2025-13220 | Medium | 6.4 | 2025-12-21 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
CVE-2025-13217 | Medium | 6.4 | 2025-12-17 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-… |
CVE-2024-8519 | Medium | 6.4 | 2024-10-04 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
CVE-2022-1208 | Medium | 6.4 | 2022-06-13 | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to… |
CVE-2026-1404 | Medium | 6.1 | 2026-02-18 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflec… |
CVE-2024-2765 | Medium | 5.4 | 2024-05-02 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored… |
CVE-2025-12492 | Medium | 5.3 | 2025-12-20 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensit… |
CVE-2024-12276 | Medium | 5.3 | 2025-02-21 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second… |
CVE-2025-0318 | Medium | 5.3 | 2025-01-18 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Inform… |
CVE-2024-8520 | Medium | 5.3 | 2024-10-04 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-… |
CVE-2025-14081 | Medium | 4.3 | 2025-12-17 | The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in… |
CVE-2024-10528 | Medium | 4.3 | 2024-11-21 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauth… |