Ultimate Member: Incorrect Access Control Exposes Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Ultimate Member: Incorrect Access Control Exposes Sensitive Data

CVE-2026-39659

Summary

A security issue in Ultimate Member could allow unauthorized users to access sensitive data. This is because access control settings are not properly enforced. To fix this, update to a version of Ultimate Member that is not vulnerable, which is version 2.11.4 or later.

Original title

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: fr...

Original description

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/ultimate-member/vulnerability/w...

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026