| CVE-2026-1404 | Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.1 | 2026-02-18 14:24:59 | Deep Dive |
| CVE-2025-15030 | User Profile Builder < 3.15.2 - Unauthenticated Arbitrary Password Reset | Unknown | User Profile Builder | - | - | 2026-02-02 06:00:02 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2025-14047 | WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | Medium | 5.3 | 2026-01-02 01:48:20 | Deep Dive |
| CVE-2025-13220 | Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-21 03:20:06 | Deep Dive |
| CVE-2025-12492 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-12-20 08:22:10 | Deep Dive |
| CVE-2025-14081 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2025-12-17 18:21:36 | Deep Dive |
| CVE-2025-13217 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-17 18:21:35 | Deep Dive |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-13320 | WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter | wpusermanager | WP User Manager – User Profile Builder & Membership | Medium | 6.8 | 2025-12-12 03:20:51 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |
| CVE-2025-13054 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-11-19 05:45:12 | Deep Dive |
| CVE-2025-9693 | User Meta – User Profile Builder and User management plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion | khaledsaikat | User Meta – User Profile Builder and User management plugin | High | 8.0 | 2025-09-11 07:25:00 | Deep Dive |
| CVE-2025-10003 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.5 | 2025-09-06 02:24:19 | Deep Dive |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.9 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-9344 | UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2025-08-28 01:46:29 | Deep Dive |
| CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2025-08-16 11:11:24 | Deep Dive |
| CVE-2025-8896 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-08-16 06:39:22 | Deep Dive |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-07-22 01:44:28 | Deep Dive |
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability | WP Event Manager | WP User Profile Avatar | Medium | 4.3 | 2025-06-20 15:04:13 | Deep Dive |