WordPress Plugin Vulnerabilities

Ultimate Member < 1.0.84 - Multiple Vulnerabilities

Description

Ultimate Member Plugin version 1.0.78 has several security vulnerabilities that allow unauthenticated users to delete and upload files, which can ultimately lead to remote code execution.

Affects Plugins

Plugin icon
ultimate-member
Fixed in 1.0.84

References

URL
https://www.pritect.net/blog/ultimate-member-plugin-1-0-78-critical-security-vulnerability

Miscellaneous

Submitter
James Golovich
Submitter website
http://www.pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
5eabcb2a-c27a-4b33-9d07-6507e0007c50

Timeline

Publicly Published
2015-03-16 (about 11 years ago)
Added
2015-03-17 (about 11 years ago)
Last Updated
2020-08-12 (about 5 years ago)

Other

Published
Title
Published
2014-09-17
Title
Google Maps Ready! 1.1.5 - CSRF & XSS
Published
2015-07-02
Title
WordPress File Upload < 3.0.0 - Multiple Vulnerabilities
Published
2014-08-01
Title
WordPress <= 1.5 - Multiple Vulnerabilities (XSS, SQLi)
Published
2014-08-01
Title
Spider Catalog - Cross-Site Scripting & SQL Injection Vulnerabilities
Published
2019-06-22
Title
Import users from CSV with meta < 1.14.2.2 - CSRF leading to attachment deletion & Path Traversal