CVE-2025-12492

Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions prior to 2.11.1

Description The Ultimate Member plugin for WordPress is affected by a sensitive information exposure issue. Insufficient authorization checks on an unauthenticated AJAX endpoint, combined with the use of a predictable low-entropy token, allows unauthenticated attackers to extract sensitive data. This data includes usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs. The issue stems from the ajax get members function and the use of a predictable token (5 hex characters derived from md5 of post ID) to identify member directories. Attackers can enumerate predictable directory id values or brute-force the token space to access this information.

Recommendations Update the Ultimate Member plugin to version 2.11.1 or later.