N/A
2026-02-17< 2.11.2
Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Minimum safe version
2.11.3
Update to 2.11.3 or later to address 90 fixable vulnerabilities
Latest available2.11.4 ✓Affected up to1.2.994 ⚠⚠ 1 vulnerability has no fix
N/A Unfixed
2026-04-08≤ 2.11.3
CVE-2026-39659
N/A
2026-03-27< 2.11.3
Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag
Medium 6.4
2026-04-04< 2.11.2
CVE-2025-15064
Medium 5.3
2025-12-20< 2.11.1
CVE-2025-12492
Medium 6.4
2025-12-21< 2.11.1
CVE-2025-13220
Medium 4.3
2025-12-17< 2.11.1
CVE-2025-14081
Medium 6.4
2025-12-17< 2.11.1
CVE-2025-13217
Medium 5.5
2025-05-07< 2.10.4
CVE-2025-47691
N/A
2025-04-16< 2.10.2
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection
High 7.5
2025-03-05< 2.10.1
Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter
Medium 5.3
2025-02-21< 2.10.0
CVE-2024-12276
High 7.5
2025-01-17< 2.9.2
Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection
Medium 5.3
2025-01-17< 2.9.2
WordPress Ultimate Member Plugin <= 2.9.1 is vulnerable to Sensitive Data Exposure
Medium 4.3
2024-11-21< 2.9.0
CVE-2024-10528
Medium 4.3
2024-10-04< 2.8.7
CVE-2024-8520
Medium 5.4
2024-10-04< 2.8.7
CVE-2024-8519
Medium 5.4
2024-05-02< 2.8.5
CVE-2024-2765
Medium 6.1
2024-03-13< 2.8.4
CVE-2024-2123
Critical 9.8
2024-03-13< 2.8.3
CVE-2024-1071
N/A
2023-08-09< 2.6.9
WordPress Ultimate Member Plugin <= 2.6.8 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
2023-08-08< 2.6.9
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.6.8 - Cross-Site Request Forgery
Critical 9.8
2023-07-04< 2.6.7
CVE-2023-3460
Medium 4.3
2023-07-17< 2.6.7
CVE-2023-31216
N/A
2015-03-10< 1.0.84
Ultimate Member < 1.0.84 - Authorization Bypass to Arbitrary File Upload/Delete
N/A
2015-06-18< 1.2.995
Ultimate Member 1.2.98 - 1.2.997 - Reflected Cross-Site Scripting
N/A
2016-07-10< 1.3.65
Ultimate Member <= 1.3.64 - Local File Inclusion
N/A
2016-12-06< 1.3.76
Ultimate Member <= 1.3.75 - Missing Authorization to Password Reset
N/A
2017-04-17< 1.3.84
Ultimate Member <= 1.3.83 - Shortcode Injection
N/A
2018-08-08< 2.0.22
Ultimate Member <= 2.0.21 - Arbitrary File Upload
N/A
2018-08-09< 2.0.22
Ultimate Member <= 2.0.21 - Cross-Site Scripting
N/A
2018-11-27< 2.0.33
Ultimate Member <= 2.0.32 - Cross-Site Request Forgery
N/A
2019-05-13< 2.0.46
Ultimate Member <= 2.0.45 - Low-Privileged Stored Cross-Site Scripting
N/A
2019-05-13< 2.0.46
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read
N/A
2019-05-13< 2.0.46
Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting
N/A
2020-07-23< 2.1.7
Ultimate Member <= 2.1.6 - Open Redirect
N/A
2022-07-14< 2.4.2
Ultimate Member <= 2.4.1 - Username Enumeration
N/A
2022-07-15< 2.4.1
Ultimate Member <= 2.4.0 - Subscriber+ Stored Cross-Site Scripting
N/A
2022-10-28< 2.5.1
WordPress Ultimate Member plugin <= 2.5.0 - Auth. Directory Traversal vulnerability
Medium 4.3
2022-11-29< 2.5.1
CVE-2022-3361
High 7.2
2022-11-29< 2.5.1
CVE-2022-3384
High 7.2
2022-11-29< 2.5.1
CVE-2022-3383
N/A
< 1.0.84
Ultimate Member <= 1.0.78 - Multiple Vulnerabilities
N/A
≥ 1.2.98 and ≤ 1.2.994
Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)
N/A
< 1.3.65
Ultimate Member < 1.3.65 - Local File Inclusion
N/A
< 1.3.76
Ultimate Member < 1.3.76 - Unauthenticated Change Passwords
N/A
< 2.0.22
Ultimate Member < 2.0.22 - Unauthenticated Arbitrary File Upload
N/A
< 2.0.22
Ultimate Member < 2.0.22 - Authenticated Cross-Site Scripting (XSS)
N/A
< 2.0.33
wpscan.com
N/A
< 2.0.46
Ultimate Member < 2.0.46 - Multiple Vulnerabilities
N/A
< 2.1.7
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
N/A
2015-03-16< 1.0.84
WordPress Ultimate Member Plugin <= 1.0.78 - Multiple Vulnerabilities
N/A
2015-06-18< 1.2.995
WordPress Ultimate Member Plugin <= 1.2.994 - Cross Site Scripting
N/A
2015-12-02< 1.3.29
WordPress Ultimate Member Plugin <= 1.3.28 - Reflected Cross Site Scripting
Medium 5.4
2022-06-13< 2.4.0
CVE-2022-1208
N/A
2016-07-10< 1.3.65
WordPress Ultimate Member Plugin <= 1.3.64 - Local File Inclusion
N/A
2016-12-06< 1.3.76
WordPress Ultimate Member Plugin <= 1.3.75 - Unauthenticated Change Passwords
N/A
2018-08-09< 2.0.22
WordPress Ultimate Member plugin <= 2.0.21 - Unauthenticated Arbitrary File Upload vulnerability
N/A
2018-08-28< 2.0.22
WordPress Ultimate Member plugin <= 2.0.21 - Authenticated Cross-Site Scripting (XSS) vulnerability
N/A
2018-11-27< 2.0.33
WordPress Ultimate Member plugin <= 2.0.32 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2019-05-16< 2.0.46
WordPress Ultimate Member plugin <= 2.0.45 - Multiple vulnerabilities
N/A
2019-07-13< 2.0.52
WordPress Ultimate Member plugin <= 2.0.51 - Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities
N/A
2020-11-09< 2.1.12
WordPress Ultimate Member plugin <= 2.1.11 - Unauthenticated/Authenticated Privilege Escalation
Medium 5.4
2022-05-10< 2.3.2
CVE-2022-1209
Medium 6.1
2017-09-11< 1.3.29
CVE-2015-8354
Medium 6.1
2018-02-16< 2.0.4
CVE-2018-6944
Medium 6.1
2018-02-16< 2.0.4
CVE-2018-6943
Medium 4.8
2018-04-23< 2.0.11
CVE-2018-10234
High 8.8
2018-04-23< 2.0.7
CVE-2018-10233
Medium 4.3
2019-08-12< 2.0.4
Ultimate Member <= 2.0.3 - Unauthorized Image File Upload
Medium 4.3
2019-08-12< 2.0.4
Ultimate Member <= 2.0.3 - Directory Traversal
High 7.5
2018-05-14< 2.0.40
CVE-2018-0588
Medium 5.4
2019-08-12< 2.0.4
Ultimate Member <= 1.3.88 - Cross Site Scripting
Medium 4.3
2018-05-14< 2.0.4
CVE-2018-0590
Medium 4.3
2018-05-14< 2.0.4
CVE-2018-0589
Medium 6.1
2018-07-04< 2.0.18
CVE-2018-13136
Medium 6.1
2018-10-09< 2.0.28
CVE-2018-17866
High 8.8
2019-04-04< 2.0.40
WordPress Ultimate Member plugin <= 2.0.39 - Cross-Site Request Forgery (CSRF) vulnerability
High 8.8
2019-06-21< 2.0.40
CVE-2019-10270
Medium 4.3
2019-06-24< 2.0.40
CVE-2019-10271
Medium 6.1
2019-08-12< 2.0.4
CVE-2018-20965
Medium 5.4
2019-08-12< 2.0.52
CVE-2019-14947
Medium 5.4
2019-08-12< 2.0.52
CVE-2019-14946
Medium 5.4
2019-08-14< 2.0.54
WordPress Ultimate Member plugin <= 2.0.53 - Cross-Site Scripting (XSS) vulnerability
Medium 6.1
2019-08-12< 1.3.18
CVE-2015-9304
Medium 6.1
2019-08-12< 1.3.40
CVE-2016-10872
Medium 5.3
2020-01-22< 2.1.3
WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability
Critical 9.8
2021-01-04< 2.1.12
CVE-2020-36157
High 8.8
2021-01-04< 2.1.12
CVE-2020-36156
Critical 9.8
2021-01-04< 2.1.12
CVE-2020-36155
Medium 5.3
2021-01-06< 2.1.13
CVE-2020-36170
Medium 5.4
2021-05-24< 2.1.20
CVE-2021-24306