CVE-2025-12492 | Ultimate Member Plugin up to 2.11.0 on WordPress AJAX Endpoint ajax_get_members directory_id information disclosure

Inserito da Angelo Barbosa | Dic 20, 2025 | CVE

A vulnerability was found in Ultimate Member Plugin up to 2.11.0 on WordPress. It has been declared as problematic. Impacted is the function ajax_get_members of the component AJAX Endpoint. Executing manipulation of the argument directory_id can lead to information disclosure.

This vulnerability is tracked as CVE-2025-12492. The attack can be launched remotely. No exploit exists.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

CVE-2025-12492 | Ultimate Member Plugin up to 2.11.0 on WordPress AJAX Endpoint ajax_get_members directory_id information disclosure

Post correlati

CVE-2024-34989 | RSI PDF HTML Catalog Evolution Module up to 7.0.0 on PrestaShop queryDb sql injection

CVE-2025-23195 | Apache Ambari up to 2.7.8 DocumentBuilderFactory xml external entity reference

CVE-2024-3292 | Tenable Nessus Agent up to 10.6.3 on Windows Installation toctou

CVE-2024-33470 | AVTECH Room Alert 4E 4.4.0 SMTP Email Setting missing encryption