All 4 CVE vulnerabilities found in Ultimate Membership Pro, with AI-generated Chinese analysis, references, and POCs.
Vendor: azzaroco
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-25357 | WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability CWE-288 | 8.1 | High | 2026-03-25 |
| CVE-2024-43242 | WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated PHP Object Injection vulnerability CWE-502 | 9.8AI | CriticalAI | 2024-08-19 |
| CVE-2024-43240 | WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated Privilege Escalation vulnerability CWE-287 | 9.4 | Critical | 2024-08-19 |
| CVE-2024-43241 | WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 | 7.1 | High | 2024-08-18 |
All 4 known CVE vulnerabilities affecting Ultimate Membership Pro with full Chinese analysis, references, and POCs where available.