CVE-2025-13220
Unknown Unknown - Not Provided
Stored XSS in Ultimate Member Plugin Allows Script Injection

Publication date: 2025-12-21

Last updated on: 2025-12-21

Assigner: Wordfence

Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-21
Last Modified
2025-12-21
Generated
2026-06-16
AI Q&A
2025-12-21
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13220
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ultimate_member ultimate_member *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow attackers with Contributor-level access or above to inject malicious scripts into pages viewed by other users. This can lead to unauthorized actions performed on behalf of users, theft of sensitive information such as cookies or session tokens, defacement of website content, or distribution of malware. The impact includes loss of data integrity, user trust, and potential compromise of user accounts.

Executive Summary

The vulnerability in the Ultimate Member WordPress plugin is a Stored Cross-Site Scripting (XSS) issue that occurs via the plugin's shortcode attributes. It affects all versions up to and including 2.11.0. Due to insufficient input sanitization and output escaping, authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts execute whenever any user accesses the injected page, potentially compromising user interactions and site security.

Detection Guidance

This vulnerability can be detected by checking if your WordPress site is running the Ultimate Member plugin version 2.11.0 or earlier, as these versions are vulnerable to stored Cross-Site Scripting via shortcode attributes. You can verify the plugin version via the WordPress admin dashboard or by running the following command on your server to check the plugin version in the plugin directory: ```bash grep 'Version:' wp-content/plugins/ultimate-member/ultimate-member.php ``` Additionally, to detect potential exploitation attempts, monitor HTTP requests for suspicious shortcode attribute payloads containing script tags or unusual JavaScript code in pages served by the plugin. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such patterns. However, no specific detection commands are provided in the resources. [1, 3]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Ultimate Member plugin to version 2.11.1 or later, as this update includes extensive security fixes addressing the stored Cross-Site Scripting issue. Applying this update will ensure that input sanitization and output escaping are properly handled to prevent script injection via shortcode attributes. Until the update is applied, restrict Contributor-level and above user permissions carefully to minimize risk. [1]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart