High 8.1
2026-03-25< 13.7.1
CVE-2026-25357
Ultimate Membership Pro
Vulnerabilities 20Slug indeed-membership-pro
Minimum safe version
13.7.1
Update to 13.7.1 or later to address 18 fixable vulnerabilities
Affected up to8.6 ⚠
Critical 9.8
2024-10-16≥ 7.3 and < 8.6.1
CVE-2020-36832
Medium 6.3
2024-10-16< 8.6.1
CVE-2020-36833
Critical 9.4
2024-08-19< 12.8
CVE-2024-43240
High 7.1
2024-08-18< 12.8
CVE-2024-43241
Critical 9.0
2024-08-19< 12.8
CVE-2024-43242
N/A
< 7.6
Ultimate Membership Pro 7.4.2 <= 7.5 - Arbitrary media include
N/A
< 7.6
Ultimate Membership Pro <= 7.5 - Arbitrary media upload
N/A
< 8.6.1
Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities
N/A
< 8.7
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
N/A
< 8.6.2
Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy
N/A
2019-02-26< 7.6
Indeed Membership Pro <= 7.5 - Arbitrary File Upload
N/A
2019-02-26< 7.6
Indeed Membership Pro <= 7.5 - Remote Image File Inclusion
N/A
2020-02-06≥ 7.3 and ≤ 8.6
Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks
N/A
2020-02-06≥ 7.3 and ≤ 8.6
Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass
N/A
2020-02-24< 8.6.2
Ultimate Membership Pro <= 8.6.1 - Cross-Site Request Forgery
N/A
2020-02-24< 8.7
Ultimate Membership Pro <= 8.6 - Cross-Site Request Forgery
N/A
2020-02-06< 8.6.1
Ultimate Membership Pro plugin <= 8.6 - Multiple Critical Vulnerabilities
N/A
2020-02-24< 8.7
WordPress Ultimate Membership Pro premium plugin <= 8.6 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2020-02-24< 8.6.2
WordPress Ultimate Membership Pro premium plugin <= 8.6.1 - Multiple Cross-Site Scripting (CSRF) vulnerabilities