3 matches found
CVE-2026-4248
The CVE-2026-4248 entry concerns the Ultimate Member WordPress plugin with a vulnerability in versions up to 2.11.2. The issue arises because the '{usermeta:password_reset_link}' template tag is processed inside post content via the [um_loggedin] shortcode, generating a valid password reset token...
CVE-2025-22672
CVE-2025-22672 is a Server-Side Request Forgery (SSRF) vulnerability affecting WordPress plugin “Video & Photo Gallery for Ultimate Member” (versions up to and including 1.1.2). The issue, confirmed in multiple sources, is due to SSRF in the plugin and is listed as affecting versions from n/a thr...
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...