WordPress Plugin Vulnerabilities

Ultimate Member < 2.5.1 - Subscriber+ RCE

Description

The plugin does not validate user input passed to call_user_func() via the populate_dropdown_options () function, which could allow any authenticated users, such as subscriber to call arbitrary functions without argument (ie phpinfo())

Affects Plugins

ultimate-member

Fixed in version 2.5.1

References

CVE

CVE-2022-3384

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Original Researcher

Ruijie Li

Verified

WPVDB ID

7a6fa0ab-4b7b-4d58-be4a-9d7714768f2d

Timeline

Publicly Published

2022-10-28 (about 3 months ago)

Added

2022-10-30 (about 3 months ago)

Last Updated

2022-10-30 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin