EUVD-2026-15677
GHSA-7q8x-g7w6-4685
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
3Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7.
Analysis
Ultimate Membership Pro through version 13.7 contains an authentication bypass vulnerability that allows attackers to access the application via alternate authentication channels without valid credentials. An unauthenticated remote attacker can exploit this vulnerability by manipulating the authentication mechanism, potentially gaining unauthorized access to user accounts and sensitive membership data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today