{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0318", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-07T22:50:30.349Z", "datePublished": "2025-01-18T05:33:49.324Z", "dateUpdated": "2026-04-08T16:51:55.551Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:55.551Z"}, "affected": [{"vendor": "ultimatemember", "product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table."}], "title": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.9.1/includes/core/um-actions-form.php#L944"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2024-12-04T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-01-17T16:40:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-22T14:19:38.370626Z", "id": "CVE-2025-0318", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T14:19:41.702Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T14:19:38.370626Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T14:19:22.573Z"}}], "cna": {"title": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "ultimatemember", "product": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.9.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-12-04T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-01-17T16:40:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.9.1/includes/core/um-actions-form.php#L944"}], "descriptions": [{"lang": "en", "value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:55.551Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0318", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:51:55.551Z", "dateReserved": "2025-01-07T22:50:30.349Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-01-18T05:33:49.324Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "62D6973F-EEC4-49AE-A90D-06EE59EB3287", "versionEndExcluding": "2.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table."}, {"lang": "es", "value": "El complemento Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction &amp; Membership Plugin para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta incluida, 2.9.1 a trav\u00e9s de diferentes mensajes de error en las respuestas. Esto permite que atacantes no autenticados extraigan datos de la tabla wp_usermeta."}], "id": "CVE-2025-0318", "lastModified": "2025-02-25T22:09:05.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-01-18T06:15:28.017", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.9.1/includes/core/um-actions-form.php#L944"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T13:32:36.431958+00:00", "value": {"mitigation_remediation": ["Upgrade the Ultimate Member plugin to version 2.9.2 or later to remove the error\u2011based information disclosure.", "If an upgrade is not feasible immediately, disable the plugin or remove it from the WordPress installation to prevent the vulnerable code from running.", "After updating or disabling, review the wp_usermeta table and disconnect any legacy entries that were potentially exposed, and ensure that database access permissions are restricted to the minimum required for WordPress."], "summary": {"action": "Apply Patch", "impact": "Information Exposure"}, "threat_synthesis": {"affected_systems": "WordPress sites running any version of the Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin with a version number of 2.9.1 or earlier are impacted. The plugin is distributed under the cpe string cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*.", "description_and_impact": "The vulnerability exists in the Ultimate Member plugin for WordPress up to version 2.9.1 and is caused by error messages that expose sensitive data. An unauthenticated attacker can trigger these messages to read entries from the wp_usermeta table, which contains user account metadata such as passwords, capabilities and personal information. If exploited, the attacker would gain confidential data about site users and could use it for account takeover or social engineering.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% shows that the likelihood of public exploitation is low, and the vulnerability is not listed in CISA\u2019s KEV catalog. Nonetheless, the potential for unauthorized data exposure means the risk is non\u2011negligible, especially on sites with sensitive user data. Exploitation requires no authentication and only the ability to fire the error\u2011producing requests against the plugin\u2019s form handling endpoint."}}}}, "created": "2026-04-22T13:45:18.285164+00:00", "updated": "2026-04-22T13:45:18.285194+00:00", "vendors": []}