WordPress Plugin Vulnerabilities

Ultimate Member < 1.3.65 - Local File Inclusion

Description

It was discovered that Ultimate Member is vulnerable to PHP File Inclusion. In order to exploit this issue an attacker must be able to place an arbitrary PHP file on the target system. Afterwards the attacker needs to lure an authenticated admin to visit a malicious page. Through CSRF the attacker could compromise WordPress, by executing the malicious PHP file.

Affects Plugins

Plugin icon
ultimate-member
Fixed in 1.3.65

References

URL
https://sumofpwn.nl/advisory/2016/ultimate_member_local_file_inclusion_vulnerability.html

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
5.9 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
3ccc5483-2dd9-4925-95dd-3faa5cfdb951

Timeline

Publicly Published
2016-07-10 (about 9 years ago)
Added
2016-07-10 (about 9 years ago)
Last Updated
2020-08-12 (about 5 years ago)

Other

Published
Title
Published
2019-01-16
Title
Shortcode Factory < 2.8 - Local File Inclusion
Published
2024-02-23
Title
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Directory Traversal
Published
2025-10-30
Title
Zombify < 1.7.6 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read
Published
2015-03-28
Title
Aspose Importer & Exporter 1.0 - Arbitrary File Download
Published
2024-12-05
Title
WP Hide & Security Enhancer < 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion