Known Vulnerabilities for Ultimate Member by Ultimatemember

Listed below are 10 of the newest known vulnerabilities associated with "Ultimate Member" by "Ultimatemember".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-4248	The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including...	Not Provided	2026-03-27	2026-04-01
CVE-2025-47691	Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member al...	Not Provided	2025-05-07	2026-04-01
CVE-2025-32121	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Ph...	Not Provided	2025-04-04	2026-04-01
CVE-2025-30890	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Suit...	Not Provided	2025-03-27	2026-04-01
CVE-2025-22672	Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultima...	Not Provided	2025-03-27	2026-04-01
CVE-2024-54370	Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member galle...	Not Provided	2024-12-16	2026-04-01
CVE-2024-54367	Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects...	Not Provided	2024-12-16	2026-04-01
CVE-2021-24306	The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not pro...	5.4 - MEDIUM	2021-05-24	2023-11-07
CVE-2020-36170	The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.	5.3 - MEDIUM	2021-01-06	2021-01-08
CVE-2020-36157	An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation v...	9.8 - CRITICAL	2021-01-04	2021-07-21

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ultimatemember	Ultimate Member	2.39	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.9	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.8	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.7	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.6	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.5	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.4	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.3	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.2	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.15	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.14	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.13	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.12	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.11	All	All	All
Application	Ultimatemember	Ultimate Member	2.1.10	All	All	All
Application	Ultimatemember	Ultimate Member	2.0.9	All	All	All
Application	Ultimatemember	Ultimate Member	2.0.8	All	All	All
Application	Ultimatemember	Ultimate Member	2.0.7	All	All	All
Application	Ultimatemember	Ultimate Member	2.0.6	All	All	All
Application	Ultimatemember	Ultimate Member	2.0.54	All	All	All

Results limited to 20 most recent known configurations