CVE-2025-0318

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 18, 2025

CWE ID 200

Summary

CVE-2025-0318 is a newly disclosed vulnerability affecting the Ultimate Member plugin for WordPress. This information exposure issue, present in versions up to 2.9.1, allows unauthenticated attackers to extract data from the wp_usermeta table by interpreting specific error messages in responses. The vulnerability poses a significant risk to WordPress sites using the affected plugin, potentially leading to sensitive user information being exfiltrated. Users are strongly urged to update the plugin to a secure version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2Re5Nk
https://www.cve.org/CVERecord?id=CVE-2025-0318
https://nvd.nist.gov/vuln/detail/CVE-2025-0318

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-0318

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations