Code Injection Vulnerability in Ultimate Member by Ultimate Member
CVE-2025-47691

5.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 7 May 2025

What is CVE-2025-47691?

Ultimate Member, a popular WordPress plugin, is vulnerable to code injection, which could allow an attacker to execute arbitrary code on the server. The vulnerability affects all versions up to and including 2.10.3, potentially compromising user data and site integrity. Users are advised to update to the latest version to mitigate this risk. For more details, refer to the security advisory available on Patchstack.

Affected Version(s)

Ultimate Member <= 2.10.3

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)