{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25357", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:52:48.541Z", "datePublished": "2026-03-25T16:14:44.726Z", "dateUpdated": "2026-04-28T16:14:56.691Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected", "packageName": "indeed-membership-pro", "product": "Ultimate Membership Pro", "vendor": "azzaroco", "versions": [{"changes": [{"at": "13.7.1", "status": "unaffected"}], "lessThanOrEqual": "13.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:18:27.223Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.<p>This issue affects Ultimate Membership Pro: from n/a through <= 13.7.</p>"}], "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:56.691Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/indeed-membership-pro/vulnerability/wordpress-ultimate-membership-pro-plugin-13-7-account-takeover-vulnerability?_s_id=cve"}], "title": "WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T17:07:32.077061Z", "id": "CVE-2026-25357", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T01:34:24.779Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25357", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T17:07:32.077061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:06:51.137Z"}}], "cna": {"title": "WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "Authentication Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "azzaroco", "product": "Ultimate Membership Pro", "versions": [{"status": "affected", "changes": [{"at": "13.7.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "13.7"}], "packageName": "indeed-membership-pro", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:18:27.223Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/indeed-membership-pro/vulnerability/wordpress-ultimate-membership-pro-plugin-13-7-account-takeover-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.<p>This issue affects Ultimate Membership Pro: from n/a through <= 13.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:09.190Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25357", "state": "PUBLISHED", "dateUpdated": "2026-04-28T01:34:24.779Z", "dateReserved": "2026-02-02T12:52:48.541Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:44.726Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n Usando una Ruta o Canal Alternativo en azzaroco Ultimate Membership Pro indeed-membership-pro permite Abuso de Autenticaci\u00f3n. Este problema afecta a Ultimate Membership Pro: desde n/a hasta &lt;= 13.7."}], "id": "CVE-2026-25357", "lastModified": "2026-04-28T02:16:05.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-03-25T17:16:46.743", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/indeed-membership-pro/vulnerability/wordpress-ultimate-membership-pro-plugin-13-7-account-takeover-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,13.7]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Ultimate Membership Pro", "source": "cna", "vendor": "azzaroco"}, "product": "ultimate_membership_pro", "vendor": "azzaroco"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-26T18:44:50.963478+00:00", "value": {"mitigation_remediation": ["Update Ultimate Membership Pro to a version newer than 13.7 as soon as possible.", "If an update is not available, disable or uninstall the plugin to prevent exploitation.", "Reset passwords for all privileged accounts and monitor logs for suspicious login attempts.", "Audit any custom code that interacts with the plugin to ensure it does not expose the same authentication path."], "summary": {"action": "Immediate Patch", "impact": "Account Takeover via Authentication Bypass"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Ultimate Membership Pro plugin version 13.7 or earlier are affected. The vulnerability applies to all installations of the plugin from the earliest version included up to 13.7.", "description_and_impact": "This vulnerability allows an attacker to bypass authentication by using an alternate path or channel within the Ultimate Membership Pro plugin, enabling unauthorized access to user accounts. The flaw falls under improper authentication (CWE\u2011288) and can lead to full account takeover, allowing modification of content, impersonation, or data exfiltration.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity, while the EPSS score of less than 1% suggests a low likelihood of current exploitation. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the likely attack vector involves crafting a request through a different internal route or parameter that the plugin does not properly authenticate, allowing an attacker to gain access without valid credentials."}}}}, "created": "2026-03-25T21:44:55.897593+00:00", "updated": "2026-03-27T09:45:58.638562+00:00", "vendors": ["azzaroco", "azzaroco$PRODUCT$ultimate_membership_pro", "wordpress", "wordpress$PRODUCT$wordpress"]}