Ultimate Membership Pro
Monthly
Authentication bypass in Ultimate Membership Pro WordPress plugin versions through 13.7 enables remote attackers to circumvent access controls via alternate authentication paths, potentially achieving complete account takeover. Attack complexity is rated high (AC:H) but requires no authentication or user interaction. EPSS score is low (0.02%, 6th percentile) indicating minimal observed exploitation activity. No active exploitation confirmed by CISA KEV at time of analysis. SSVC framework rates technical impact as total with exploitation status of none.
Authentication bypass in Ultimate Membership Pro WordPress plugin versions through 13.7 enables remote attackers to circumvent access controls via alternate authentication paths, potentially achieving complete account takeover. Attack complexity is rated high (AC:H) but requires no authentication or user interaction. EPSS score is low (0.02%, 6th percentile) indicating minimal observed exploitation activity. No active exploitation confirmed by CISA KEV at time of analysis. SSVC framework rates technical impact as total with exploitation status of none.