Description
WordPress Plugin Ultimate Membership Pro is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently generate an export containing PII (username, email address, IP address, User-Agent and so on), as well as generate authentication links by suppling an ID or Username. WordPress Plugin Ultimate Membership Pro version 8.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 8.6.1 or latest
References
Related Vulnerabilities
Chamilo Improper Privilege Management Vulnerability (CVE-2026-40291)
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-55891)
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)
WordPress Plugin W3 Total Cache Multiple Unspecified Vulnerabilities (0.9.5.1)
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1614)