Is "Ultimate Member" safe?
WordPress Plugin security and safety information.
Rating: Good (current version safe)
Recommendations
Ultimate Member: Plugin Details
| Type: | Plugin |
| Author: | Ultimate Member |
| URL: | https://wordpress.org/plugins/ultimate-member/ |
| Latest Version: | 2.10.1 |
Ultimate Member: Security Information
| Insecure versions: | Up To 2.9.2 |
| Known since: | 2025-02-21 02:00:41 |
| Insecure versions: | Up To 2.9.1 |
| Known since: | 2025-01-18 02:00:27 |
| Insecure versions: | Up To 2.9.1 |
| Known since: | 2025-01-17 21:30:19 |
| Insecure versions: | Up To 2.8.9 |
| Known since: | 2024-11-21 02:01:02 |
| Insecure versions: | Up To 2.8.6 |
| Known since: | 2024-10-04 02:00:32 |
| Insecure versions: | Up To 2.8.6 |
| Known since: | 2024-10-04 02:00:31 |
| Insecure versions: | Up To 2.8.3 |
| Known since: | 2024-03-08 20:33:47 |
| Insecure versions: | Up To 2.1.3 |
| Known since: | 2024-03-08 20:33:46 |
| Insecure versions: | Up To 2.6.0 |
| Known since: | 2023-07-18 16:02:48 |
| Insecure versions: | Up To 2.6.6 |
| Known since: | 2023-06-30 02:00:37 |
| Insecure versions: | Up To 2.5.0 |
| Known since: | 2022-10-31 08:40:43 |
| Insecure versions: | Up To 2.5.0 |
| Known since: | 2022-10-31 08:39:25 |
| Insecure versions: | Up To 2.5.0 |
| Known since: | 2022-10-31 08:38:17 |
| Insecure versions: | Up To 2.5.0 |
| Known since: | 2022-10-31 08:34:40 |
| Insecure versions: | Up To 2.3.2 |
| Known since: | 2022-06-03 15:09:19 |
| Insecure versions: | Up To 2.3.1 |
| Known since: | 2022-05-02 07:24:55 |
| Insecure versions: | Up To 2.1.19 |
| Known since: | 2021-05-10 17:44:11 |
| Insecure versions: | Up To 2.1.11 |
| Known since: | 2020-11-10 02:45:37 |
| Description: | Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability or any custom Ultimate Member role and effectively be granted those privileges. |
| Insecure versions: | Up To 2.1.11 |
| Known since: | 2020-11-10 02:44:16 |
| Description: | Due to the fact that Ultimate Member allowed the creation of new roles, this plugin also made it possible for site administrators to grant secondary Ultimate Member roles for all users upon a /wp-admin profile update. |
| Insecure versions: | Up To 2.1.11 |
| Known since: | 2020-11-10 02:43:00 |
| Description: | An attacker could supply an array parameter for sensitive meta data such as the wp_capabilities user meta which defines a user’s role. |
| Insecure versions: | Up To 2.1.6 |
| Known since: | 2020-08-12 14:35:59 |
| Insecure versions: | Up To 1.3.17 |
| Known since: | 2019-08-29 03:39:47 |
| Insecure versions: | Up To 2.0 |
| Known since: | 2019-08-29 03:34:01 |
| Insecure versions: | Up To 2.0.5 |
| Known since: | 2019-08-29 03:33:52 |
| Insecure versions: | Up To 1.3.89 |
| Known since: | 2019-08-29 03:33:45 |
| Insecure versions: | Up To 2.0.17 |
| Known since: | 2019-08-29 03:33:28 |
| Insecure versions: | Up To 2.0.27 |
| Known since: | 2019-08-29 03:32:10 |
| Insecure versions: | Up To 1.3.39 |
| Known since: | 2019-08-29 03:29:30 |
| Insecure versions: | Up To 2.0.53 |
| Known since: | 2019-08-16 12:49:59 |
| Insecure versions: | Up To 2.0.51 |
| Known since: | 2019-07-12 11:16:35 |
| Insecure versions: | Up To 2.0.45 |
| Known since: | 2019-05-17 18:03:46 |
| Insecure versions: | Up To 2.0.45 |
| Known since: | 2019-05-14 12:46:48 |
| Insecure versions: | Up To 2.0.39 |
| Known since: | 2019-04-05 02:07:00 |
| Insecure versions: | Up To 2.0.32 |
| Known since: | 2018-11-28 15:49:23 |
| Insecure versions: | Up To 2.0.21 |
| Known since: | 2018-08-14 15:27:27 |
| Insecure versions: | Up To 2.0.21 |
| Known since: | 2018-08-11 14:36:59 |
| Insecure versions: | Up To 1.3.75 |
| Known since: | 2016-12-13 23:57:13 |
| Insecure versions: | Up To 1.3.64 |
| Known since: | 2016-07-11 22:28:33 |
| Insecure versions: | Up To 1.3.28 |
| Known since: | 2015-11-25 04:42:05 |
| Insecure versions: | Up To 1.3.28 |
| Known since: | 2015-11-25 04:42:05 |
Ultimate Member: Safety Recommendations
We have rated Ultimate Member as Good (current version safe) which means that we have found vulnerabilities in older versions.
We recommend that you only use the latest version of Ultimate Member.
Ultimate Member: Staying Up-to-date
Make sure your installation of Ultimate Member is safe with the following free Jetpack services for WordPress sites:
- Updates & Management
Turn on auto-updates for Ultimate Member or manage in bulk. - Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.
Ultimate Member: Keeping Safe
If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
- Automated Backups
Full backup of your entire site with unlimited storage space. - Restores & Migrations
Restore or migrate your site from a backup with one click. - Security Scanning
Regular, automated scans of your site for malware, threats, and hacks. - Expert Support
Fast, priority support for any WordPress security issue.
About this information
This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.
If you have any questions, please do not hesitate to contact us.
Jetpack 