Authentication Bypass Vulnerability in Ultimate Membership Pro by Azzaroco
CVE-2026-25357

8.1HIGH

Key Information:

Vendor: WordPress
Status: Ultimate Membership Pro
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-25357?

The Ultimate Membership Pro plugin by Azzaroco has an authentication bypass vulnerability that allows unauthorized users to gain access by exploiting an alternate path or channel. This issue affects versions up to and including 13.7, posing a risk of authentication abuse that could potentially lead to unauthorized account access.

Affected Version(s)

Ultimate Membership Pro <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/indeed-m...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

Phat RiO | Patchstack Bug Bounty Program

CVE-2026-25357 Data

JSON

WordPress

What is CVE-2026-25357?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit