[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$femZI1KSTLX7Jx-bw658NAE7NDycmhf4d24dTvwhToWs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":90,"crawl_stats":38,"alternatives":98,"analysis":181,"fingerprints":750},"gallery-for-ultimate-member","Video & Photo Gallery for Ultimate Member","1.1.3","SuitePlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuiteplugins\u002F","\u003Cp>Transform Your Ultimate Member Experience with Our Photo\u002FVideo Gallery Addon\u003C\u002Fp>\n\u003Cp>Elevate your Ultimate Member site with the Gallery for Ultimate Member, a top-tier photo gallery plugin that brings life to your community through vibrant media sharing.\u003C\u002Fp>\n\u003Ch3>Exceptional Features:\u003C\u002Fh3>\n\u003Ch3>🌟 User-Centric Media Galleries\u003C\u002Fh3>\n\u003Cp>Empower users to upload and manage their photos and videos with ease. Our addon allows members to craft personal galleries that reflect their unique interests and memories, adding a personal touch to each profile.\u003C\u002Fp>\n\u003Ch3>πŸ“± Responsive & Mobile-Friendly Design\u003C\u002Fh3>\n\u003Cp>Experience flawless viewing across all devices. Our galleries are optimized for responsiveness, ensuring users enjoy their content on smartphones, tablets, and desktops alike.\u003C\u002Fp>\n\u003Ch3>🀝 Seamless Ultimate Member Integration\u003C\u002Fh3>\n\u003Cp>Designed to blend perfectly with Ultimate Member, this addon guarantees a cohesive user experience, maintaining your site’s style and functionality.\u003C\u002Fp>\n\u003Ch3>✨ Intuitive Drag-and-Drop Interface\u003C\u002Fh3>\n\u003Cp>Uploading media is a breeze with our user-friendly interface, catering to users of all skill levels. Simply drag and drop to start sharing!\u003C\u002Fp>\n\u003Ch3>πŸ”— Enhanced Social Networking\u003C\u002Fh3>\n\u003Cp>Deepen member connections by enabling shared media experiences. This addon amplifies the social aspects of Ultimate Member, fostering community spirit.\u003C\u002Fp>\n\u003Ch3>πŸ”’ Advanced Privacy Control (Pro Version)\u003C\u002Fh3>\n\u003Cp>Empower users with control over their privacy. Members can choose to share their media with everyone, friends, or keep it private.\u003C\u002Fp>\n\u003Ch3>Exclusive Demos and Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuitepluginsdemo.com\u002Fgallery-ultimate-member\u002Fuser\u002Fogersavi\u002F?profiletab=gallery&utm_source=wordpress&utm_medium=demo\" rel=\"nofollow ugc\">Pro Profile Album Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuitepluginsdemo.com\u002Fgallery-ultimate-member\u002Fuser\u002Fogersavi\u002F?profiletab=gallery&album_id=3&utm_source=wordpress&utm_medium=demo\" rel=\"nofollow ugc\">Pro Single Album Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuitepluginsdemo.com\u002Fgallery-ultimate-member\u002F?profiletab=gallery&album_id=7&utm_source=wordpress&utm_medium=demo\" rel=\"nofollow ugc\">Shortcodes Display\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fgallery-for-ultimate-members\u002F?utm_source=wp_repo&utm_medium=link&utm_campaign=um_gallery_lite&utm_id=wp\" rel=\"nofollow ugc\">Get the Pro Version\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What Sets Our Plugin Apart:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Customizable Lightbox Window\u003C\u002Fli>\n\u003Cli>Editable User Captions\u003C\u002Fli>\n\u003Cli>Recent Uploads Display on Profile\u003C\u002Fli>\n\u003Cli>Admin Configuration Panel\u003C\u002Fli>\n\u003Cli>Priority Customer Support\u003C\u002Fli>\n\u003Cli>Choice of Grid Layout\u003C\u002Fli>\n\u003Cli>Community Role Restriction\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Future Enhancements:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Image Ratings System\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Exclusive Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Organized Photo Albums\u003C\u002Fli>\n\u003Cli>Video Integration (YouTube, Vimeo)\u003C\u002Fli>\n\u003Cli>Photo and Video Comments\u003C\u002Fli>\n\u003Cli>Albums Shortcode for Any Page\u002FWidget\u003C\u002Fli>\n\u003Cli>Multiple Layouts: Carousel, Grid, Slideshow\u003C\u002Fli>\n\u003Cli>Categories and Tags for Better Organization\u003C\u002Fli>\n\u003Cli>Full-Screen Mode\u003C\u002Fli>\n\u003Cli>Activity Wall Posting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Discover how our Gallery for Ultimate Member can revolutionize your community site. Check out our demos and prepare to be amazed!\u003C\u002Fp>\n","Enhance Ultimate Member with a Photo\u002FVideo Gallery Addon: Easy media sharing & vibrant community engagement.\"",100,17466,46,12,"2025-01-23T03:58:00.000Z","6.7.5","5.2","5.4",[20,21,22,23,24],"ultimate-member","ultimate-member-gallery","ultimatemember","um-gallery","video-gallery-ultimate-member","https:\u002F\u002Fsuiteplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgallery-for-ultimate-member.1.1.3.zip",63,4,1,"2025-04-04 00:00:00","2026-03-15T15:16:48.613Z",[33,47,61,77],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-32121","video-photo-gallery-for-ultimate-member-authenticated-administrator-sql-injection","Video & Photo Gallery for Ultimate Member \u003C= 1.1.3 - Authenticated (Administrator+) SQL Injection","The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.1.3","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-10 13:02:21",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F43ec4320-3b2b-49b8-acd2-833ea999efa0?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":6,"severity":40,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":57,"references":58,"days_to_patch":60},"CVE-2025-22672","video-photo-gallery-for-ultimate-member-authenticated-subscriber-server-side-request-forgery","Video & Photo Gallery for Ultimate Member \u003C= 1.1.2 - Authenticated (Subscriber+) Server-Side Request Forgery","The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","\u003C=1.1.2",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-02-03 00:00:00","2025-02-12 19:00:36",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fda1ef273-417a-47f6-adf9-dbd5747a8c3b?source=api-prod",10,{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":38,"affected_versions":66,"patched_in_version":67,"severity":68,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":72,"updated_date":73,"references":74,"days_to_patch":76},"CVE-2024-54370","video-photo-gallery-for-ultimate-member-authenticated-subscriber-arbitrary-file-upload","Video & Photo Gallery for Ultimate Member \u003C= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload","The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","\u003C=1.1.0","1.1.1","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2024-12-11 00:00:00","2024-12-19 08:09:56",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9bb22acd-ffdb-4897-a657-538969aa6f41?source=api-prod",8,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":40,"cvss_score":84,"cvss_vector":85,"vuln_type":86,"published_date":72,"updated_date":87,"references":88,"days_to_patch":29},"CVE-2024-12162","video-photo-gallery-for-ultimate-member-reflected-cross-site-scripting","Video & Photo Gallery for Ultimate Member \u003C= 1.1.1 - Reflected Cross-Site Scripting","The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.1","1.1.2",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-12 04:23:15",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb588b8d0-5d71-4e95-ad97-821e47b013c8?source=api-prod",{"slug":91,"display_name":7,"profile_url":8,"plugin_count":92,"total_installs":93,"avg_security_score":94,"avg_patch_time_days":95,"trust_score":96,"computed_at":97},"suiteplugins",17,1600,86,7,90,"2026-04-04T06:51:52.500Z",[99,120,138,153,168],{"slug":100,"name":101,"version":6,"author":7,"author_profile":8,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":16,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":116,"download_link":117,"security_score":96,"vuln_count":29,"unpatched_count":118,"last_vuln_date":119,"fetched_at":31},"login-widget-for-ultimate-member","Login Widget for Ultimate Member","\u003Cp>This extension is a simple login widget that will display a login form for Ultimate Member. Once logged in, users will have quick access to all their Ultimate Member tabs, Profile and Account Edit.\u003C\u002Fp>\n\u003Ch4>Using Login Form shortcode\u003C\u002Fh4>\n\u003Cp>You can use the shortcode [um_login_widget].\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the attribute \u003Cstrong>form_type\u003C\u002Fstrong> and the login form ID to display the appropriate login form. By default, the shortcode will display the default WordPress login. e.g [um_login_widget form_type=”6β€³]\u003C\u002Fli>\n\u003Cli>Use the attribute \u003Cstrong>hide_remember_me\u003C\u002Fstrong> and enter 1 to hide the remember me option. e.g [um_login_widget hide_remember_me=”1β€³]\u003C\u002Fli>\n\u003Cli>As of version 1.1.0, you have options to hide avatar, profile link, account link and profile tabs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Other Ultimate Member Plugins\u003C\u002Fh4>\n\u003Cp>SuitePlugins is on the verge of creating some great addons for Ultimate Member. Here are a few that you may want to check out\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fgallery-for-ultimate-members\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"nofollow ugc\">Gallery\u003C\u002Fa> – \u003Cstrong>Most Popular\u003C\u002Fstrong> An easy drag and drop gallery for Ultimate Members.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-events-pro\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"nofollow ugc\">Events\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fdocs-for-ultimatemember\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> – Let users upload files that can be seen publicly or privately\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fstories-for-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"nofollow ugc\">Stories\u003C\u002Fa> – Allow users to have a journal or mini-blog from their profile.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fvisitors-for-ultimate-members\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"nofollow ugc\">Visitors\u003C\u002Fa> – Visitors allow users to see others that have visited their profile\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Frelationships-for-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"nofollow ugc\">Relationships\u003C\u002Fa> – Allow users to select family members and display them on their profile\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-widget-for-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=login-widget\" rel=\"ugc\">Gallery Lite\u003C\u002Fa> – An easy drag and drop gallery for Ultimate Members.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add a login widget that works with Ultimate Member",700,62441,74,6,"2025-02-22T18:32:00.000Z","4.0","5.6",[112,20,113,114,115],"login-widget","ultimate-member-login","ultimate-member-widget","ultimatemember-login","http:\u002F\u002Fwww.suiteplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-widget-for-ultimate-member.1.1.3.zip",0,"2025-03-27 00:00:00",{"slug":121,"name":122,"version":123,"author":7,"author_profile":8,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":95,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":110,"tags":132,"homepage":136,"download_link":137,"security_score":128,"vuln_count":118,"unpatched_count":118,"last_vuln_date":38,"fetched_at":31},"um-custom-tab-builder-lite","Ultimate Member Custom Tab Builder Lite","1.0.5","\u003Cp>Use the Ultimate Member custom tab builder to add unlimited tabs with icons and slug. Add custom content or shortcodes to Ultimate Member profiles with just a few clicks.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show tabs based on roles\u003C\u002Fli>\n\u003Cli>Change icons, slug and name from admin\u003C\u002Fli>\n\u003Cli>Language Localization ready\u003C\u002Fli>\n\u003Cli>Add Shortcodes – Add shortcodes to profiles and change attributes with short tags.\u003C\u002Fli>\n\u003Cli>Add custom content – Add iframes, text, images, shortcodes to profiles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show tabs based on roles\u003C\u002Fli>\n\u003Cli>Change icons, slug and name from admin\u003C\u002Fli>\n\u003Cli>Language Localization ready\u003C\u002Fli>\n\u003Cli>Add Shortcodes – Add shortcodes to profiles and change attributes with short tags.\u003C\u002Fli>\n\u003Cli>Add custom content – Add iframes, text, images, shortcodes to profiles.\u003C\u002Fli>\n\u003Cli>Add Profile Form – Create multiple profile forms\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Contact Form 7 Integration – Add Contact Form Shortcode to profiles and have emails sent to profile owner\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-custom-tab-builder\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=um-custom-tab-builder\" rel=\"nofollow ugc\">Get UM Custom Tab Builder\u003C\u002Fa> – Same as lite but with a few extras.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-starter-suite\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=um-custom-tab-builder\" rel=\"nofollow ugc\">Ultimate Member Plugin Bundle\u003C\u002Fa> – A bundle of all our plugins including UM Custom Tab Builder.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","An easy way to add custom profile tabs to Ultimate Member Profile. Ultimate Member 2.0 compatible",500,14878,92,"2024-07-29T02:59:00.000Z","6.6.5","3.0.1",[20,133,134,22,135],"ultimate-member-contact-form","ultimate-member-profile-tabs","ultimatemember-custom-tabs","https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-custom-tab-builder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fum-custom-tab-builder-lite.1.0.5.zip",{"slug":139,"name":140,"version":141,"author":7,"author_profile":8,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":144,"num_ratings":29,"last_updated":146,"tested_up_to":147,"requires_at_least":131,"requires_php":110,"tags":148,"homepage":150,"download_link":151,"security_score":152,"vuln_count":118,"unpatched_count":118,"last_vuln_date":38,"fetched_at":31},"um-user-list","User List for Ultimate Member","1.0.1.4","\u003Cp>Experience the ability to list user suggestions for your Ultimate Member community. If you are using the Ultimate Member plugins Followers or Friends then the plugin will only suggest users that you are not following or who you are not friends with. This way the plugin will always suggest someone new.\u003C\u002Fp>\n\u003Cp>In an upcoming update the plugin will work with the \u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-meet-me\u002F\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=meet-me\" rel=\"nofollow ugc\">Ultimate Member Meet Me\u003C\u002Fa> plugin to suggest users that match profile criteria that the current user is looking for.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>AJAX user suggestions – View other suggestions by simply clicking show more.\u003C\u002Fli>\n\u003Cli>Language Localization ready\u003C\u002Fli>\n\u003Cli>Shortcode and Widget available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Feature suggestions are welcomed and appreciated.\u003C\u002Fp>\n\u003Ch4>How to use it\u003C\u002Fh4>\n\u003Cp>Once installed and activated, you can add a shortcode to a page, page builder or text widget or you can use the User Suggestions Widget\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Suggestions shortcode\u003C\u002Fstrong>\u003Cbr \u002F>\n* Add the shortcode \u003Cstrong>[um_user_suggestions]\u003C\u002Fstrong> to your page or widget.\u003Cbr \u002F>\n* Add the the shortcode attribute \u003Cstrong>count\u003C\u002Fstrong> to adjust the number of suggestions per load for e.g \u003Cstrong>[um_user_suggestions count=”2β€³]\u003C\u002Fstrong>\u003Cbr \u002F>\n* Add the the shortcode attribute \u003Cstrong>orderby\u003C\u002Fstrong> to order the suggestions alphabetically or randomly for e.g \u003Cstrong>[um_user_suggestions orderby=”random”]\u003C\u002Fstrong>. Sorted Alphabetically by default.\u003Cbr \u002F>\n* Add the the shortcode attribute \u003Cstrong>more_text\u003C\u002Fstrong> to change the text in the link that will show other suggestions e.g \u003Cstrong>[um_user_suggestions more_text=”Click to show more”]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Suggestions widget\u003C\u002Fstrong>\u003Cbr \u002F>\n* Go to Appearance > Widgets\u003Cbr \u002F>\n* Drag or place the widget \u003Cstrong>UM Users List\u003C\u002Fstrong> into a sidebar\u003Cbr \u002F>\n* Set the title and amount to show\u003Cbr \u002F>\n* Save and preview\u003C\u002Fp>\n\u003Ch4>Other Ultimate Member Plugins\u003C\u002Fh4>\n\u003Cp>SuitePlugins is on the verge of creating some great addons for Ultimate Member. Here are a few that you may want to check out\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Ffaceted-search-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Ultimate Member Advanced Search\u003C\u002Fa> – Create a super fast advanced search for Ultimate Member.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fgallery-for-ultimate-members\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Gallery\u003C\u002Fa> – \u003Cstrong>Most Popular\u003C\u002Fstrong> An easy drag and drop gallery for Ultimate Members.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-events-pro\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Events\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fclassifieds-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Classifieds\u003C\u002Fa> – Easy to use market place plugin for Ultimate Member\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fdocs-for-ultimatemember\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> – Let users upload files that can be seen publicly or privately\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fstories-for-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Stories\u003C\u002Fa> – Allow users to have a journal or mini-blog from their profile.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fvisitors-for-ultimate-members\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Visitors\u003C\u002Fa> – Visitors allow users to see others that have visited their profile\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Frelationships-for-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">Relationships\u003C\u002Fa> – Allow users to select family members and display them on their profile\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-widget-for-ultimate-member\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"ugc\">Gallery Lite\u003C\u002Fa> – An easy drag and drop gallery for Ultimate Members.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Ultimate Member Theme\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fsocial-tribe\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=user-list\" rel=\"nofollow ugc\">SocialTribe\u003C\u002Fa> – WordPress Theme built to Support Ultimate Member\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin for Ultimate member that allows users to display user suggestions in a simple widget.",20,3832,"2023-05-18T22:57:00.000Z","6.2.9",[20,149,22],"ultimate-member-members","https:\u002F\u002Fsuiteplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fum-user-list.1.0.1.4.zip",85,{"slug":154,"name":155,"version":156,"author":7,"author_profile":8,"description":157,"short_description":158,"active_installs":60,"downloaded":159,"rating":144,"num_ratings":29,"last_updated":160,"tested_up_to":161,"requires_at_least":131,"requires_php":110,"tags":162,"homepage":166,"download_link":167,"security_score":152,"vuln_count":118,"unpatched_count":118,"last_vuln_date":38,"fetched_at":31},"um-events-lite-for-ultimate-member","UM Events","1.0.0","\u003Cp>UM Events is another great addon to enhance your social network site. It is an easy to use plugin for managing events from a user profile. You can allow users to upload events with name, start date and time and an optional end date and time. Events can be viewed in a list from the profile.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>User frontend created events\u003C\u002Fli>\n\u003Cli>User can edit and delete from frontend\u003C\u002Fli>\n\u003Cli>Admin created events attached to users\u003C\u002Fli>\n\u003Cli>Language Localization ready\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy to use Events Uploader for Ultimate Member. Give your users the option to create events",1523,"2018-10-25T13:06:00.000Z","4.9.29",[163,20,164,22,165],"events","ultimate-member-events","ultimatemember-events-calendar","https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-events-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fum-events-lite-for-ultimate-member.1.0.0.zip",{"slug":169,"name":170,"version":156,"author":7,"author_profile":8,"description":171,"short_description":172,"active_installs":60,"downloaded":173,"rating":118,"num_ratings":118,"last_updated":174,"tested_up_to":175,"requires_at_least":131,"requires_php":110,"tags":176,"homepage":178,"download_link":179,"security_score":11,"vuln_count":118,"unpatched_count":118,"last_vuln_date":38,"fetched_at":180},"um-navigation-menu","UM Navigation Menu","\u003Cp>An easy way to add Ultimate Member navigation to admin bar.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ultimate Member 2.0 compatible\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Language Localization ready\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fum-starter-suite\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=um-custom-tab-builder\" rel=\"nofollow ugc\">Ultimate Member Plugin Bundle\u003C\u002Fa> – A bundle of all our plugins including UM Custom Tab Builder.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Ultimate Member Theme\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsuiteplugins.com\u002Fdownloads\u002Fsocial-tribe\u002F?utm_source=wordpress&utm_medium=plugin&utm_content=um-story-lite\" rel=\"nofollow ugc\">SocialTribe\u003C\u002Fa> – WordPress Theme built to Support Ultimate Member\u003C\u002Fli>\n\u003C\u002Ful>\n","An easy way to add Ultimate Member navigation to admin bar. Ultimate Member 2.0 compatible",1525,"","5.0.25",[20,134,22,177],"ultimatemember-navigation-menu","https:\u002F\u002Fsuiteplugins.com\u002Fultimate-member-navigation-menu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fum-navigation-menu.1.0.0.zip","2026-03-15T14:44:11.924Z",{"attackSurface":182,"codeSignals":359,"taintFlows":481,"riskAssessment":730,"analyzedAt":749},{"hooks":183,"ajaxHandlers":276,"restRoutes":339,"shortcodes":340,"cronEvents":357,"entryPointCount":330,"unprotectedCount":358},[184,190,194,198,202,207,212,215,219,222,226,229,232,235,238,242,244,248,252,256,261,265,269,272],{"type":185,"name":186,"callback":187,"file":188,"line":189},"action","init","load_plugin_textdomain","gallery-for-ultimate-member.php",210,{"type":185,"name":191,"callback":192,"file":188,"line":193},"wp_enqueue_scripts","add_scripts",219,{"type":185,"name":195,"callback":196,"file":188,"line":197},"widgets_init","register_widgets",221,{"type":185,"name":199,"callback":200,"priority":60,"file":188,"line":201},"wpmu_new_blog","um_gallery_pro_new_blog_setup",724,{"type":185,"name":203,"callback":204,"priority":14,"file":205,"line":206},"um_gallery_addon_updated","alter_database","includes\\class-um-gallery-privacy.php",39,{"type":208,"name":209,"callback":210,"priority":14,"file":211,"line":96},"filter","um_profile_tabs","setup_gallery_tabs","includes\\class-um-gallery-template.php",{"type":208,"name":213,"callback":210,"priority":14,"file":211,"line":214},"um_user_profile_tabs",91,{"type":185,"name":216,"callback":217,"file":211,"line":218},"wp_footer","add_render_tmpls",95,{"type":185,"name":186,"callback":220,"file":211,"line":221},"init_hooks",96,{"type":185,"name":223,"callback":186,"file":224,"line":225},"admin_init","includes\\um-gallery-admin.php",104,{"type":185,"name":223,"callback":227,"file":224,"line":228},"update_admin_search_url",105,{"type":185,"name":223,"callback":230,"file":224,"line":231},"update_album",106,{"type":185,"name":223,"callback":233,"file":224,"line":234},"moderate_addon",107,{"type":185,"name":236,"callback":236,"file":224,"line":237},"admin_notices",108,{"type":185,"name":239,"callback":240,"file":224,"line":241},"admin_menu","add_options_page",109,{"type":185,"name":203,"callback":204,"priority":14,"file":224,"line":243},110,{"type":185,"name":245,"callback":246,"file":224,"line":247},"um_gallery_action_tab","addons_tab",114,{"type":185,"name":249,"callback":250,"file":224,"line":251},"admin_enqueue_scripts","enqueue_cmb_css",115,{"type":185,"name":186,"callback":253,"file":254,"line":255},"um_gallery_suggest_tabs","includes\\um-gallery-ajax.php",25,{"type":185,"name":257,"callback":258,"priority":14,"file":259,"line":260},"um_gallery_photo_deleted","delete_associated_comments","includes\\um-gallery-comments.php",29,{"type":185,"name":216,"callback":262,"file":263,"line":264},"um_gallery_form_modal","includes\\um-gallery-functions.php",1012,{"type":185,"name":223,"callback":266,"file":267,"line":268},"page_init","includes\\um-gallery-settings.php",57,{"type":185,"name":223,"callback":270,"file":267,"line":271},"handle_option_page_submission",58,{"type":185,"name":273,"callback":274,"priority":60,"file":267,"line":275},"um_gallery_after_options_page","add_admin_menu",59,[277,282,285,288,290,294,297,300,303,306,309,313,315,319,321,324,326,329,331,335],{"action":278,"nopriv":279,"callback":278,"hasNonce":280,"hasCapCheck":279,"file":224,"line":281},"um_gallery_admin_delete",false,true,113,{"action":283,"nopriv":279,"callback":283,"hasNonce":279,"hasCapCheck":279,"file":254,"line":284},"um_gallery_photo_details",22,{"action":286,"nopriv":279,"callback":286,"hasNonce":279,"hasCapCheck":280,"file":254,"line":287},"um_gallery_admin_update_photo",23,{"action":289,"nopriv":279,"callback":289,"hasNonce":279,"hasCapCheck":279,"file":254,"line":260},"um_gallery_album_update",{"action":291,"nopriv":279,"callback":292,"hasNonce":279,"hasCapCheck":279,"file":254,"line":293},"um_gallery_delete_album","um_gallery_ajax_delete_album",30,{"action":295,"nopriv":279,"callback":295,"hasNonce":279,"hasCapCheck":279,"file":254,"line":296},"um_gallery_get_album_form",31,{"action":298,"nopriv":279,"callback":298,"hasNonce":279,"hasCapCheck":279,"file":254,"line":299},"um_gallery_photo_update",32,{"action":301,"nopriv":279,"callback":301,"hasNonce":279,"hasCapCheck":279,"file":254,"line":302},"um_gallery_get_album_item",33,{"action":304,"nopriv":279,"callback":304,"hasNonce":279,"hasCapCheck":279,"file":254,"line":305},"um_gallery_photo_upload",34,{"action":307,"nopriv":279,"callback":307,"hasNonce":279,"hasCapCheck":279,"file":254,"line":308},"um_gallery_add_videos",35,{"action":310,"nopriv":279,"callback":311,"hasNonce":279,"hasCapCheck":279,"file":254,"line":312},"um_photo_info","um_gallery_photo_info",36,{"action":310,"nopriv":280,"callback":311,"hasNonce":279,"hasCapCheck":279,"file":254,"line":314},37,{"action":316,"nopriv":279,"callback":317,"hasNonce":279,"hasCapCheck":279,"file":254,"line":318},"sp_gallery_um_delete","delete_item",38,{"action":320,"nopriv":279,"callback":320,"hasNonce":279,"hasCapCheck":279,"file":254,"line":206},"um_gallery_fetch_remote_thumbnail",{"action":322,"nopriv":279,"callback":322,"hasNonce":279,"hasCapCheck":279,"file":254,"line":323},"um_gallery_get_more_photos",41,{"action":322,"nopriv":280,"callback":322,"hasNonce":279,"hasCapCheck":279,"file":254,"line":325},42,{"action":327,"nopriv":279,"callback":328,"hasNonce":279,"hasCapCheck":279,"file":259,"line":255},"um_gallery_get_comments","get_comments_by_photo_id",{"action":327,"nopriv":280,"callback":328,"hasNonce":279,"hasCapCheck":279,"file":259,"line":330},26,{"action":332,"nopriv":279,"callback":333,"hasNonce":279,"hasCapCheck":279,"file":259,"line":334},"um_gallery_post_comment","ajax_post_comment",27,{"action":336,"nopriv":279,"callback":337,"hasNonce":279,"hasCapCheck":279,"file":259,"line":338},"um_gallery_delete_comment","ajax_delete_comment",28,[],[341,344,346,350,352,355],{"tag":342,"callback":342,"file":343,"line":95},"um_gallery_albums","includes\\um-gallery-shortcodes.php",{"tag":345,"callback":345,"file":343,"line":76},"um_gallery_photos",{"tag":347,"callback":348,"file":343,"line":349},"um_gallery_recent_photos_grid","um_gallery_recent_photos",9,{"tag":351,"callback":351,"file":343,"line":60},"um_gallery_wall_activity",{"tag":353,"callback":353,"file":343,"line":354},"um_gallery_photo_count",11,{"tag":356,"callback":356,"file":343,"line":14},"um_gallery_album_count",[],18,{"dangerousFunctions":360,"sqlUsage":361,"outputEscaping":393,"fileOperations":475,"externalRequests":476,"nonceChecks":95,"capabilityChecks":29,"bundledLibraries":477},[],{"prepared":312,"raw":362,"locations":363},14,[364,367,369,371,373,375,376,377,379,382,384,386,388,391],{"file":365,"line":76,"context":366},"admin\\templates\\tools.php","$wpdb->get_row() with variable interpolation",{"file":365,"line":14,"context":368},"$wpdb->query() with variable interpolation",{"file":365,"line":370,"context":368},19,{"file":365,"line":255,"context":372},"$wpdb->get_results() with variable interpolation",{"file":365,"line":374,"context":368},54,{"file":365,"line":268,"context":368},{"file":365,"line":27,"context":368},{"file":365,"line":378,"context":368},78,{"file":188,"line":380,"context":381},705,"$wpdb->get_col() with variable interpolation",{"file":205,"line":383,"context":368},47,{"file":224,"line":385,"context":368},151,{"file":224,"line":387,"context":368},155,{"file":224,"line":389,"context":390},160,"$wpdb->get_var() with variable interpolation",{"file":224,"line":392,"context":381},602,{"escaped":394,"rawEcho":383,"locations":395},312,[396,400,402,403,404,407,408,411,412,414,416,418,420,421,423,424,426,427,429,430,432,434,436,437,438,440,441,442,443,445,446,447,448,451,452,454,456,457,459,461,462,464,465,467,469,471,473],{"file":397,"line":398,"context":399},"admin\\templates\\addons.php",70,"raw output",{"file":397,"line":401,"context":399},73,{"file":397,"line":96,"context":399},{"file":397,"line":214,"context":399},{"file":405,"line":406,"context":399},"admin\\templates\\gallery-view.php",3,{"file":405,"line":218,"context":399},{"file":409,"line":410,"context":399},"admin\\templates\\list-head.php",21,{"file":409,"line":410,"context":399},{"file":365,"line":413,"context":399},101,{"file":211,"line":415,"context":399},483,{"file":224,"line":417,"context":399},511,{"file":224,"line":419,"context":399},516,{"file":254,"line":378,"context":399},{"file":254,"line":422,"context":399},228,{"file":254,"line":422,"context":399},{"file":254,"line":425,"context":399},237,{"file":254,"line":425,"context":399},{"file":254,"line":428,"context":399},238,{"file":343,"line":128,"context":399},{"file":343,"line":431,"context":399},93,{"file":433,"line":284,"context":399},"includes\\widgets\\class-widget-recent-photos.php",{"file":433,"line":435,"context":399},24,{"file":433,"line":330,"context":399},{"file":433,"line":334,"context":399},{"file":439,"line":349,"context":399},"templates\\um-gallery\\albums.php",{"file":439,"line":354,"context":399},{"file":439,"line":354,"context":399},{"file":439,"line":362,"context":399},{"file":439,"line":444,"context":399},15,{"file":439,"line":144,"context":399},{"file":439,"line":144,"context":399},{"file":439,"line":410,"context":399},{"file":449,"line":450,"context":399},"templates\\um-gallery\\content-carousel.php",62,{"file":449,"line":27,"context":399},{"file":449,"line":453,"context":399},64,{"file":449,"line":455,"context":399},65,{"file":449,"line":398,"context":399},{"file":449,"line":458,"context":399},71,{"file":460,"line":302,"context":399},"templates\\um-gallery\\content-grid.php",{"file":460,"line":305,"context":399},{"file":463,"line":314,"context":399},"templates\\um-gallery\\content-masonry.php",{"file":463,"line":314,"context":399},{"file":463,"line":466,"context":399},48,{"file":463,"line":468,"context":399},49,{"file":470,"line":455,"context":399},"templates\\um-gallery\\content-slideshow.php",{"file":470,"line":472,"context":399},66,{"file":470,"line":474,"context":399},67,5,2,[478],{"name":479,"version":38,"knownCves":480},"jQuery",[],[482,520,532,547,558,568,578,587,619,629,638,646,661,679,689,700,720],{"entryPoint":483,"graph":484,"unsanitizedCount":28,"severity":40},"search_box (includes\\um-gallery-admin-list.php:306)",{"nodes":485,"edges":515},[486,492,497,501,503,507,509,513],{"id":487,"type":488,"label":489,"file":490,"line":491},"n0","source","$_REQUEST['orderby']","includes\\um-gallery-admin-list.php",313,{"id":493,"type":494,"label":495,"file":490,"line":491,"wp_function":496},"n1","sink","echo() [XSS]","echo",{"id":498,"type":488,"label":499,"file":490,"line":500},"n2","$_REQUEST['order']",316,{"id":502,"type":494,"label":495,"file":490,"line":500,"wp_function":496},"n3",{"id":504,"type":488,"label":505,"file":490,"line":506},"n4","$_REQUEST['post_mime_type']",319,{"id":508,"type":494,"label":495,"file":490,"line":506,"wp_function":496},"n5",{"id":510,"type":488,"label":511,"file":490,"line":512},"n6","$_REQUEST['detached']",322,{"id":514,"type":494,"label":495,"file":490,"line":512,"wp_function":496},"n7",[516,517,518,519],{"from":487,"to":493,"sanitized":279},{"from":498,"to":502,"sanitized":279},{"from":504,"to":508,"sanitized":279},{"from":510,"to":514,"sanitized":279},{"entryPoint":521,"graph":522,"unsanitizedCount":29,"severity":40},"update_admin_search_url (includes\\um-gallery-admin.php:327)",{"nodes":523,"edges":530},[524,527],{"id":487,"type":488,"label":525,"file":224,"line":526},"$_SERVER['REQUEST_URI']",330,{"id":493,"type":494,"label":528,"file":224,"line":526,"wp_function":529},"wp_redirect() [Open Redirect]","wp_redirect",[531],{"from":487,"to":493,"sanitized":279},{"entryPoint":533,"graph":534,"unsanitizedCount":476,"severity":40},"um_gallery_get_album_item (includes\\um-gallery-ajax.php:220)",{"nodes":535,"edges":544},[536,539,541,543],{"id":487,"type":488,"label":537,"file":254,"line":538},"$_GET (x3)",222,{"id":493,"type":494,"label":495,"file":254,"line":540,"wp_function":496},226,{"id":498,"type":488,"label":542,"file":254,"line":538},"$_GET (x2)",{"id":502,"type":494,"label":495,"file":254,"line":422,"wp_function":496},[545,546],{"from":487,"to":493,"sanitized":280},{"from":498,"to":502,"sanitized":279},{"entryPoint":548,"graph":549,"unsanitizedCount":118,"severity":557},"\u003Cgallery-list> (admin\\templates\\gallery-list.php:0)",{"nodes":550,"edges":555},[551,554],{"id":487,"type":488,"label":552,"file":553,"line":476},"$_REQUEST","admin\\templates\\gallery-list.php",{"id":493,"type":494,"label":495,"file":553,"line":95,"wp_function":496},[556],{"from":487,"to":493,"sanitized":280},"low",{"entryPoint":559,"graph":560,"unsanitizedCount":118,"severity":557},"get_profile_photos_view (includes\\class-um-gallery-template.php:226)",{"nodes":561,"edges":566},[562,564],{"id":487,"type":488,"label":537,"file":211,"line":563},232,{"id":493,"type":494,"label":495,"file":211,"line":565,"wp_function":496},279,[567],{"from":487,"to":493,"sanitized":280},{"entryPoint":569,"graph":570,"unsanitizedCount":118,"severity":557},"get_profile_single_album_view (includes\\class-um-gallery-template.php:311)",{"nodes":571,"edges":576},[572,574],{"id":487,"type":488,"label":537,"file":211,"line":573},314,{"id":493,"type":494,"label":495,"file":211,"line":575,"wp_function":496},369,[577],{"from":487,"to":493,"sanitized":280},{"entryPoint":579,"graph":580,"unsanitizedCount":118,"severity":557},"\u003Cclass-um-gallery-template> (includes\\class-um-gallery-template.php:0)",{"nodes":581,"edges":585},[582,584],{"id":487,"type":488,"label":583,"file":211,"line":563},"$_GET (x6)",{"id":493,"type":494,"label":495,"file":211,"line":565,"wp_function":496},[586],{"from":487,"to":493,"sanitized":280},{"entryPoint":588,"graph":589,"unsanitizedCount":118,"severity":557},"\u003Cum-gallery-admin-list> (includes\\um-gallery-admin-list.php:0)",{"nodes":590,"edges":612},[591,592,595,596,600,601,602,603,604,606,608,610],{"id":487,"type":488,"label":552,"file":490,"line":27},{"id":493,"type":494,"label":593,"file":490,"line":398,"wp_function":594},"get_results() [SQLi]","get_results",{"id":498,"type":488,"label":552,"file":490,"line":27},{"id":502,"type":494,"label":597,"file":490,"line":598,"wp_function":599},"get_var() [SQLi]",103,"get_var",{"id":504,"type":488,"label":489,"file":490,"line":491},{"id":508,"type":494,"label":495,"file":490,"line":491,"wp_function":496},{"id":510,"type":488,"label":499,"file":490,"line":500},{"id":514,"type":494,"label":495,"file":490,"line":500,"wp_function":496},{"id":605,"type":488,"label":505,"file":490,"line":506},"n8",{"id":607,"type":494,"label":495,"file":490,"line":506,"wp_function":496},"n9",{"id":609,"type":488,"label":511,"file":490,"line":512},"n10",{"id":611,"type":494,"label":495,"file":490,"line":512,"wp_function":496},"n11",[613,614,615,616,617,618],{"from":487,"to":493,"sanitized":280},{"from":498,"to":502,"sanitized":280},{"from":504,"to":508,"sanitized":280},{"from":510,"to":514,"sanitized":280},{"from":605,"to":607,"sanitized":280},{"from":609,"to":611,"sanitized":280},{"entryPoint":620,"graph":621,"unsanitizedCount":118,"severity":557},"um_gallery_suggest_tabs (includes\\um-gallery-ajax.php:50)",{"nodes":622,"edges":627},[623,626],{"id":487,"type":488,"label":624,"file":254,"line":625},"$_GET",55,{"id":493,"type":494,"label":593,"file":254,"line":27,"wp_function":594},[628],{"from":487,"to":493,"sanitized":280},{"entryPoint":630,"graph":631,"unsanitizedCount":118,"severity":557},"ajax_delete_comment (includes\\um-gallery-comments.php:236)",{"nodes":632,"edges":636},[633,635],{"id":487,"type":488,"label":634,"file":259,"line":425},"$_POST",{"id":493,"type":494,"label":495,"file":259,"line":428,"wp_function":496},[637],{"from":487,"to":493,"sanitized":280},{"entryPoint":639,"graph":640,"unsanitizedCount":118,"severity":557},"\u003Cum-gallery-comments> (includes\\um-gallery-comments.php:0)",{"nodes":641,"edges":644},[642,643],{"id":487,"type":488,"label":634,"file":259,"line":425},{"id":493,"type":494,"label":495,"file":259,"line":428,"wp_function":496},[645],{"from":487,"to":493,"sanitized":280},{"entryPoint":647,"graph":648,"unsanitizedCount":29,"severity":68},"um_gallery_admin_delete (includes\\um-gallery-admin.php:308)",{"nodes":649,"edges":658},[650,651,654],{"id":487,"type":488,"label":634,"file":224,"line":512},{"id":493,"type":652,"label":653,"file":224,"line":512},"transform","β†’ um_gallery_delete_photo()",{"id":498,"type":494,"label":655,"file":263,"line":656,"wp_function":657},"get_row() [SQLi]",507,"get_row",[659,660],{"from":487,"to":493,"sanitized":279},{"from":493,"to":498,"sanitized":279},{"entryPoint":662,"graph":663,"unsanitizedCount":29,"severity":68},"\u003Cum-gallery-admin> (includes\\um-gallery-admin.php:0)",{"nodes":664,"edges":674},[665,666,667,669,671,672,673],{"id":487,"type":488,"label":525,"file":224,"line":526},{"id":493,"type":494,"label":528,"file":224,"line":526,"wp_function":529},{"id":498,"type":488,"label":634,"file":224,"line":668},246,{"id":502,"type":494,"label":495,"file":224,"line":670,"wp_function":496},589,{"id":504,"type":488,"label":634,"file":224,"line":512},{"id":508,"type":652,"label":653,"file":224,"line":512},{"id":510,"type":494,"label":655,"file":263,"line":656,"wp_function":657},[675,676,677,678],{"from":487,"to":493,"sanitized":280},{"from":498,"to":502,"sanitized":280},{"from":504,"to":508,"sanitized":279},{"from":508,"to":510,"sanitized":279},{"entryPoint":680,"graph":681,"unsanitizedCount":29,"severity":68},"um_gallery_photo_update (includes\\um-gallery-ajax.php:404)",{"nodes":682,"edges":687},[683,685],{"id":487,"type":488,"label":634,"file":254,"line":684},407,{"id":493,"type":494,"label":597,"file":254,"line":686,"wp_function":599},435,[688],{"from":487,"to":493,"sanitized":279},{"entryPoint":690,"graph":691,"unsanitizedCount":29,"severity":68},"delete_item (includes\\um-gallery-ajax.php:491)",{"nodes":692,"edges":697},[693,695,696],{"id":487,"type":488,"label":634,"file":254,"line":694},495,{"id":493,"type":652,"label":653,"file":254,"line":694},{"id":498,"type":494,"label":655,"file":263,"line":656,"wp_function":657},[698,699],{"from":487,"to":493,"sanitized":279},{"from":493,"to":498,"sanitized":279},{"entryPoint":701,"graph":702,"unsanitizedCount":29,"severity":68},"\u003Cum-gallery-ajax> (includes\\um-gallery-ajax.php:0)",{"nodes":703,"edges":714},[704,705,706,708,709,710,711,712,713],{"id":487,"type":488,"label":624,"file":254,"line":625},{"id":493,"type":494,"label":593,"file":254,"line":27,"wp_function":594},{"id":498,"type":488,"label":707,"file":254,"line":538},"$_GET (x5)",{"id":502,"type":494,"label":495,"file":254,"line":540,"wp_function":496},{"id":504,"type":488,"label":634,"file":254,"line":684},{"id":508,"type":494,"label":597,"file":254,"line":686,"wp_function":599},{"id":510,"type":488,"label":634,"file":254,"line":694},{"id":514,"type":652,"label":653,"file":254,"line":694},{"id":605,"type":494,"label":655,"file":263,"line":656,"wp_function":657},[715,716,717,718,719],{"from":487,"to":493,"sanitized":280},{"from":498,"to":502,"sanitized":280},{"from":504,"to":508,"sanitized":280},{"from":510,"to":514,"sanitized":279},{"from":514,"to":605,"sanitized":279},{"entryPoint":721,"graph":722,"unsanitizedCount":29,"severity":68},"\u003Cum-gallery-functions> (includes\\um-gallery-functions.php:0)",{"nodes":723,"edges":728},[724,726],{"id":487,"type":488,"label":624,"file":263,"line":725},440,{"id":493,"type":494,"label":593,"file":263,"line":727,"wp_function":594},1130,[729],{"from":487,"to":493,"sanitized":279},{"summary":731,"deductions":732},"The 'gallery-for-ultimate-member' plugin v1.1.3 exhibits a concerning security posture due to a significant number of unprotected entry points and a history of severe vulnerabilities. While the code shows some good practices like a high percentage of prepared SQL statements and properly escaped output, these strengths are overshadowed by critical weaknesses. The static analysis reveals 18 unprotected AJAX handlers out of 20, creating a large attack surface for potential unauthorized actions. Furthermore, the taint analysis identified 6 high-severity flows with unsanitized paths, indicating a risk of sensitive data exposure or manipulation.\n\nThe vulnerability history is particularly alarming, with 4 known CVEs, including one high-severity unpatched vulnerability. The common types of past vulnerabilities (SQL Injection, SSRF, Unrestricted Uploads, XSS) suggest a pattern of issues related to improper input validation and handling, which are exacerbated by the identified unsanitized paths in the current version. The most recent vulnerability being from April 2025 is also a red flag, hinting at potential ongoing or recurring security flaws.\n\nIn conclusion, while the plugin has some positive security attributes, the high number of unprotected entry points, critical taint flows, and a history of serious, often recurring, vulnerability types make this plugin a significant risk. The presence of an unpatched high-severity vulnerability further elevates the urgency for remediation. Users should exercise extreme caution and consider disabling or replacing this plugin until these issues are addressed.",[733,735,737,739,741,743,745,747],{"reason":734,"points":60},"Unprotected AJAX handlers",{"reason":736,"points":14},"High severity taint flows with unsanitized paths",{"reason":738,"points":444},"Unpatched high severity CVE",{"reason":740,"points":475},"Vulnerability history: SQL Injection",{"reason":742,"points":475},"Vulnerability history: SSRF",{"reason":744,"points":475},"Vulnerability history: Unrestricted Upload",{"reason":746,"points":475},"Vulnerability history: Cross-site Scripting",{"reason":748,"points":475},"Limited capability checks","2026-03-16T20:44:39.120Z",{"wat":751,"direct":770},{"assetPaths":752,"generatorPatterns":760,"scriptPaths":761,"versionParams":762},[753,754,755,756,757,758,759],"\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fcss\u002Fjquery.fancybox.css","\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-admin.js","\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-ajax.js","\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-frontend.js","\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-functions.js","\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-template.js","\u002Fwp-content\u002Fplugins\u002Fgallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fzoom.js",[],[754,755,756,757,758,759],[763,764,765,766,767,768,769],"gallery-for-ultimate-member\u002Fassets\u002Fcss\u002Fjquery.fancybox.css?ver=","gallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-admin.js?ver=","gallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-ajax.js?ver=","gallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-frontend.js?ver=","gallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-functions.js?ver=","gallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fum-gallery-template.js?ver=","gallery-for-ultimate-member\u002Fassets\u002Fjs\u002Fzoom.js?ver=",{"cssClasses":771,"htmlComments":776,"htmlAttributes":777,"restEndpoints":780,"jsGlobals":781,"shortcodeOutput":785},[772,773,774,4,775],"um-gallery-item","um-gallery-upload-wrap","um-gallery-browse-wrap","um-gallery-item-footer",[],[778,779],"data-gallery-id","data-photo-id",[],[782,783,784],"um_gallery_ajax_obj","um_gallery_frontend_obj","um_gallery_template_obj",[786],"[ultimate_user_gallery]"]