Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2025-15064	Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	6.4	2026-04-04 07:41:57	Deep Dive
CVE-2026-4248	Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	High	8.0	2026-03-27 22:26:23	Deep Dive
CVE-2026-1404	Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	6.1	2026-02-18 14:24:59	Deep Dive
CVE-2025-13220	Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	6.4	2025-12-21 03:20:06	Deep Dive
CVE-2025-12492	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	5.3	2025-12-20 08:22:10	Deep Dive
CVE-2025-66116	WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability	UserElements	Ultimate Member Widgets for Elementor	-	-	2025-12-18 07:22:19	Deep Dive
CVE-2025-14081	Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	4.3	2025-12-17 18:21:36	Deep Dive
CVE-2025-13217	Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	6.4	2025-12-17 18:21:35	Deep Dive
CVE-2025-14154	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	Medium	6.1	2025-12-17 05:24:55	Deep Dive
CVE-2025-67474	WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability	Ultimate Member	ForumWP	-	-	2025-12-09 14:13:57	Deep Dive
CVE-2025-12778	Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure	userelements	Ultimate Member Widgets for Elementor – WordPress User Directory	Medium	5.3	2025-11-20 04:37:14	Deep Dive
CVE-2025-47691	WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability	Ultimate Member	Ultimate Member	Medium	5.5	2025-05-07 14:20:57	Deep Dive
CVE-2025-32121	WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.3 - SQL Injection vulnerability	SuitePlugins	Video & Photo Gallery for Ultimate Member	High	7.6	2025-04-04 15:58:22	Deep Dive
CVE-2025-22672	WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.2 - Server Side Request Forgery (SSRF) vulnerability	SuitePlugins	Video & Photo Gallery for Ultimate Member	Medium	4.9	2025-03-27 14:11:50	Deep Dive
CVE-2025-30890	WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability	SuitePlugins	Login Widget for Ultimate Member	High	7.5	2025-03-27 10:55:44	Deep Dive
CVE-2025-1702	Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	High	7.5	2025-03-05 11:22:09	Deep Dive
CVE-2024-13697	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	Medium	4.8	2025-03-01 08:23:21	Deep Dive
CVE-2024-13611	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	High	7.5	2025-03-01 08:23:20	Deep Dive
CVE-2024-12276	Ultimate Member <= 2.9.2 - Authenticated SQL Injection	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	5.3	2025-02-21 09:21:06	Deep Dive
CVE-2024-13612	Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	wordplus	Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	Medium	6.4	2025-02-01 12:21:31	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List