Skip to main content

Ultimate Membership Pro

1 CVEs product

Monthly

CVE-2026-25357 HIGH This Week

Authentication bypass in Ultimate Membership Pro WordPress plugin versions through 13.7 enables remote attackers to circumvent access controls via alternate authentication paths, potentially achieving complete account takeover. Attack complexity is rated high (AC:H) but requires no authentication or user interaction. EPSS score is low (0.02%, 6th percentile) indicating minimal observed exploitation activity. No active exploitation confirmed by CISA KEV at time of analysis. SSVC framework rates technical impact as total with exploitation status of none.

Authentication Bypass Ultimate Membership Pro
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH This Week

Authentication bypass in Ultimate Membership Pro WordPress plugin versions through 13.7 enables remote attackers to circumvent access controls via alternate authentication paths, potentially achieving complete account takeover. Attack complexity is rated high (AC:H) but requires no authentication or user interaction. EPSS score is low (0.02%, 6th percentile) indicating minimal observed exploitation activity. No active exploitation confirmed by CISA KEV at time of analysis. SSVC framework rates technical impact as total with exploitation status of none.

Authentication Bypass Ultimate Membership Pro
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy