EUVD-2026-16901
GHSA-65gh-443q-r8g2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authenticated attackers, with Contributor-level access and above, to craft a malicious pending post that, when previewed by an Administrator, generates a password reset token for the Administrator and exfiltrates it to an attacker-controlled server, leading to full account takeover.
Analysis
A information disclosure vulnerability in for WordPress is vulnerable to Sensitive Information Exposure in all (CVSS 8.0). High severity vulnerability requiring prompt remediation.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all WordPress installations using Ultimate Member plugin and document current versions via plugin dashboard; disable the '[um_loggedin]' shortcode functionality site-wide as interim protection. Within 7 days: Update Ultimate Member to version 2.11.3 or later once vendor releases patch; alternatively migrate to a maintained alternative authentication plugin. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today