[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fewmvI0DPSsLJuERyAFL1oEJXR3NnurG8SRCpwMfhLso":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2025-47691","ultimate-member-authenticated-administrator-arbitrary-function-call","Ultimate Member \u003C= 2.10.3 - Authenticated (Administrator+) Arbitrary Function Call","The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Arbitrary Function Calls in all versions up to, and including, 2.10.3. This is due to the plugin not properly restricting functions that can be called. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary functions making remote code execution possible.","ultimate-member",null,"\u003C=2.10.3","2.10.4","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Generation of Code ('Code Injection')","2025-05-07 00:00:00","2025-05-16 14:16:24",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdc8b33c7-23ef-4b5c-bdb9-b4e548d18832?source=api-prod",10]