azzaroco Ultimate Membership Pro Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

An authentication bypass vulnerability has been identified in the azzaroco Ultimate Membership Pro plugin, affecting versions through 13.7. It allows authentication abuse, enabling malicious actors to perform actions typically reserved for higher-privileged users, potentially leading to unauthorized admin access.

Impact

Exploitation of this vulnerability could result in unauthorized access to user accounts, with the potential for gaining administrative privileges on the affected WordPress site.

Remediation

Users of the Ultimate Membership Pro plugin should update to version 13.7.1 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Mar 25, 2026, 8:28 PM
Updated: Mar 25, 2026, 8:28 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.0
exploitability: 7.6
remediation: 7.9
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.