CVE-2025-12492 | Ultimate Member Plugin up to 2.11.0 on WordPress AJAX Endpoint ajax_get_members directory_id information disclosure

A vulnerability was found in Ultimate Member Plugin up to 2.11.0 on WordPress. It has been declared as problematic. Impacted is the function ajax_get_members of the component AJAX Endpoint. Executing manipulation of the argument directory_id can lead to information disclosure.

This vulnerability is tracked as CVE-2025-12492. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More