CVE-2025-14081
Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to "Only me") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role.
| CWE | CWE-863 |
| Vendor | ultimatemember |
| Product | ultimate member – user profile, registration, login, member directory, content restriction & membership plugin |
| Published | Dec 17, 2025 |
| Last Updated | Apr 8, 2026 |
Get instant alerts for ultimatemember ultimate member – user profile, registration, login, member directory, content restriction & membership plugin
Be the first to know when new medium vulnerabilities affecting ultimatemember ultimate member – user profile, registration, login, member directory, content restriction & membership plugin are published — delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N