CVE-2025-47691
WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <= 2.10.3.
| CWE | CWE-94 |
| Vendor | ultimate member |
| Product | ultimate member |
| Published | May 7, 2025 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for ultimate member ultimate member
Be the first to know when new unknown vulnerabilities affecting ultimate member ultimate member are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Ultimate Member / Ultimate Member
0 ≤ 2.10.3
References
Credits
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program