CVE-2025-14081
Unknown Unknown - Not Provided
Profile Privacy Bypass in Ultimate Member WordPress Plugin

Publication date: 2025-12-17

Last updated on: 2025-12-17

Assigner: Wordfence

Description
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to "Only me") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-17
Generated
2026-06-16
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14081
EUVD
EUVD-2025-203925
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ultimate_member ultimate_member *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Ultimate Member WordPress plugin allows authenticated users with Subscriber-level access to bypass profile privacy settings. Due to a flaw in the secure fields mechanism, field keys are added to the allowed fields list before the required permission check is applied during rendering. This means users can manipulate parameters directly to change their profile privacy settings (such as setting their profile visibility to "Only me"), even if the administrator has disabled this option for their role.

Impact Analysis

This vulnerability can impact you by allowing lower-privileged users (Subscribers) to modify their profile privacy settings in ways that administrators intended to restrict. This could lead to unauthorized privacy configurations, potentially affecting how user information is shared or displayed on your site, undermining administrative control over user privacy settings.

Mitigation Strategies

To mitigate this vulnerability, immediately update the Ultimate Member plugin to a version later than 2.11.0 where the profile privacy setting bypass flaw is fixed. Additionally, restrict Subscriber-level users from modifying profile privacy settings by reviewing and adjusting role permissions if possible. Monitor and audit user profile changes for suspicious direct parameter manipulation attempts. Consider disabling or limiting the use of profile privacy settings until the plugin is updated.

Compliance Impact

This vulnerability allows authenticated users with Subscriber-level access to bypass profile privacy settings, potentially exposing personal information that administrators intended to restrict. Such unauthorized disclosure of personal data could lead to non-compliance with privacy regulations like GDPR and HIPAA, which require strict controls over personal data access and privacy settings. Therefore, the vulnerability poses a risk to compliance by undermining enforced privacy controls.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart