ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation

Product
Ultimate Product Catalogue
Description
Ultimate Product Catalog plugin is prone to a privilege escalation vulnerability in the "<upc-plugin-path>/Functions/Update_Admin-Databases.php" file. It allows an attacker to manage the administration page and have an especific account.
Solution
Upgrade the plugin.
Classification
Type BYPASS
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 3.8.1
Fixed In 3.8.2
Disclosure date
2016-06-20
Credits
i0akiN SEC-LABORATORY