Ultimate Member WordPress Plugin Information Exposure Vulnerability

Vulnerability

A vulnerability allowing information exposure has been identified in the Ultimate Member WordPress plugin, specifically in versions through 2.9.1. The issue arises from the plugin's error handling, which inadvertently reveals sensitive information through various error messages. This flaw enables unauthenticated attackers to extract data from the WordPress usermeta database table.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive user metadata, which could include personal information and other private details stored in the usermeta table.

Remediation

Users can address this vulnerability by updating the Ultimate Member WordPress plugin to version 2.9.2 or a later patched version.
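To find installs that still need the update, the following added example (not code from this advisory or from the plugin's authors) reads the Version header of the plugin's main file and compares it with 2.9.2. It assumes the main file is ultimate-member.php inside the plugin directory and that sort supports -V; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: flag Ultimate Member installs older than the patched release.
FIXED_VERSION="2.9.2"   # first patched version named in the advisory

# Print the value of the "Version:" header of a WordPress plugin main file.
plugin_version() {
    # Header lines look like " * Version: 2.9.1"; keep the first match only.
    sed -n 's|^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*|\1|p' "$1" 2>/dev/null | head -n 1
}

# Succeed when version $1 is strictly lower than version $2 (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Report on one plugin directory.
# Returns 0 if patched or not installed, 1 if affected, 2 if version unreadable.
check_install() {
    um_main="$1/ultimate-member.php"   # assumed main file name
    [ -f "$um_main" ] || { echo "not-installed $1"; return 0; }
    um_ver="$(plugin_version "$um_main")"
    [ -n "$um_ver" ] || { echo "unknown $1"; return 2; }
    if version_lt "$um_ver" "$FIXED_VERSION"; then
        echo "AFFECTED $um_ver $1"
        return 1
    fi
    echo "patched $um_ver $1"
}

# Check every plugin directory passed on the command line.
for um_dir in "$@"; do
    check_install "$um_dir" || true
done
```

Pass one or more plugin directories as arguments, for example the wp-content/plugins/ultimate-member directory of each site on a host.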

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.