CVE-2025-0318

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-0318

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0318.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-0318

Published

2025-01-18T06:15:28.017Z

Modified

2026-04-10T05:20:15.260073Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table.

References

Affected packages

Git / github.com/ultimatemember/ultimatemember

Affected ranges

Type

GIT

Repo

https://github.com/ultimatemember/ultimatemember

Events

Introduced

Fixed

8be21484099e6f43454c6327c4948f5e3dbdde80

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.2"
        }
    ]
}

Affected versions

1.*

1.3.48

1.3.59

1.3.88

1.3.88.4

1.3.88.5

1.3.88.6

2.*

2.0.10

2.0.11

2.0.16

2.0.17

2.0.24

2.0.34

2.0.35

2.0.37

2.0.38

2.0.39

2.0.4

2.0.41

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.5

2.0.50

2.0.53

2.0.54

2.0.9

2.1.0

2.1.0-rc.1

2.1.0-rc.2

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.1.2

2.1.2-rc.1

2.1.20

2.1.3

2.1.3-rc.1

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.6.0

2.6.1

2.6.10

2.6.11

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

pre-v1.*

pre-v1.3.50

pre-v1.3.69.16

pre-v1.3.69.17

pre-v1.3.69.18

pre-v1.3.69.19

pre-v1.3.69.20

pre-v1.3.69.21

pre-v1.3.69.22

pre-v1.3.69.23

pre-v1.3.69.24

pre-v1.3.69.25

v1.*

v1.3.29

v1.3.30

v1.3.32

v1.3.35

v1.3.36

v1.3.37

v1.3.38

v1.3.39

v1.3.40

v1.3.41

v1.3.42

v1.3.43

v1.3.44

v1.3.45

v1.3.47

v1.3.49

v1.3.51

v1.3.52

v1.3.53

v1.3.54

v1.3.55

v1.3.56

v1.3.60

v1.3.61

v1.3.62

v1.3.63

v1.3.64

v1.3.65

v1.3.66

v1.3.67

v1.3.68

v1.3.69

v1.3.71

v1.3.72

v1.3.73

v1.3.74

v1.3.75

v1.3.76

v1.3.78

v1.3.79

v1.3.81

v1.3.82

v1.3.83

v1.3.84

v1.3.88.1

v1.3.88.2

v1.3.88.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0318.json"