WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Member < 2.1.3 - Insecure Direct Object Reference (IDOR)

Description

IDOR issues allowing change of other users' profiles and cover photos.

Affects Plugins

ultimate-member
Fixed in version 2.1.3

References

CVE
CVE-2020-6859
URL
https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1

Classification

Type

PRIVESC

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Verified

No

WPVDB ID
476ccf2e-13f3-4834-9a2e-380d3d3c6729

Timeline

Publicly Published

2020-01-13 (about 3 years ago)

Added

2020-01-22 (about 3 years ago)

Last Updated

2020-08-12 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin