High Priority Vulneraibility | WordPress.org

Resolved Etienne
(@epipo)

5 months, 1 week ago

Hi,

There has been a high priority vulnerability detected on this plugin in May 2025 and it seems that there is no fix available yet. Do you plan to fix this vulnerability soon?

Vulnerability: https://vdp.patchstack.com/database/wordpress/plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability

Thanks for your help.

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support Robert Fortaleza
(@robfrtlz)

5 months, 1 week ago

Hi @epipo,

Thanks for reaching out and for bringing this to our attention.

We’re aware of the reported vulnerability, and I can confirm that our team is already working on a fix for it. While I don’t have an exact ETA yet, the patch is currently in our development pipeline and will be included in an upcoming release.

In the meantime, we appreciate your patience, and we’ll make sure to update you as soon as the fix becomes available. If you have any additional questions or concerns, feel free to let us know, we’re here to help.

Priyanka Behera
(@priyankabehera155)

4 months, 3 weeks ago

Is this vulnerability issue resolved ?

buckelberg66
(@buckelberg66)

4 months, 1 week ago

Hi,
it would be very nice to get a timeline with a due date for the mitigation of the security threat. More than 6 month is really a long time for fixing a high priority security issue.
Thank and greetings from Germany

Studiobovenkamer
(@studiobovenkamer)

3 months, 4 weeks ago

@robfrtlz we have contacted you frequently about this and we don’t understand how this fix is not prioritized. It should have been fixed within days. It has been more than 6 months now.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

6 replies
5 participants
Last reply from: Studiobovenkamer
Last activity: 3 months, 4 weeks ago
Status: resolved