ThreatPress

WordPress Vulnerability Database

Back

WordPress Ultimate Member plugin <= 2.1.11 - Unauthenticated/Authenticated Privilege Escalation

Product
Ultimate Member
Description
Unauthenticated Privilege Escalation via User Meta vulnerability found by Chloe Chamberland in WordPress Ultimate Member plugin (versions <= 2.1.11).
Solution
Update the WordPress Ultimate Member plugin to the latest available version (at least 2.1.12).
Classification
Type Multi
OWASP Top 10 A7: Missing Function Level Access Control
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.1.11
Fixed In 2.1.12
Disclosure date
2020-11-09
Credits
Chloe Chamberland