CVE-2025-0318

Name of the Vulnerable Software and Affected Versions The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress versions 2.9.1 and earlier

Description The issue allows unauthenticated attackers to exfiltrate data from the wp usermeta table due to different error messages in the responses. This enables information exposure, making it possible for attackers to access sensitive data.

Recommendations For versions 2.9.1 and earlier, update to a version later than 2.9.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.