WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability

CVE	CVE-2025-30890
State	PUBLISHED
Assigner	Patchstack
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-03-27 11:15:49 UTC
Updated	2026-04-01 17:20:32 UTC
Description	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member login-widget-for-ultimate-member allows PHP Local File Inclusion.This issue affects Login Widget for Ultimate Member: from n/a through <= 1.1.2.

Problem Types: CWE-98 | CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Source	Vendor	Product	Version	Platforms
CNA	SuitePlugins	Login Widget For Ultimate Member	affected 1.1.2 custom	Not specified

Reference	Source	Link	Tags
patchstack.com/database/Wordpress/Plugin/login-widget-for-ultimate-member/vu...	[email protected]	patchstack.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: Muhammad Yudha - DJ | Patchstack Bug Bounty Program (en)

There are currently no legacy QID mappings associated with this CVE.