WordPress Plugin Vulnerabilities

Ultimate Member < 2.5.1 - Subscriber+ RCE

Description

The plugin does not validate user input passed to call_user_func() via the populate_dropdown_options () function, which could allow any authenticated users, such as subscriber to call arbitrary functions without argument (ie phpinfo())

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.5.1

References

CVE
CVE-2022-3384

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.4 (high)

Miscellaneous

Original Researcher
Ruijie Li
Verified
No
WPVDB ID
7a6fa0ab-4b7b-4d58-be4a-9d7714768f2d

Timeline

Publicly Published
2022-10-28 (about 3 years ago)
Added
2022-10-30 (about 3 years ago)
Last Updated
2022-10-30 (about 3 years ago)

Other

Published
Title
Published
2022-09-14
Title
Enable Media Replace < 4.0.0 - Admin+ Path Traversal
Published
2024-01-03
Title
WP Compress < 6.10.34 - Unauthenticated Arbitrary File Read
Published
2026-03-05
Title
Shared Files < 1.7.58 - Contributor+ Arbitrary File Download
Published
2021-02-08
Title
Backup by Supsystic <= 2.3.9 - Authenticated Arbitrary File Download and Deletion
Published
2023-09-26
Title
Welcart e-Commerce < 2.8.22 - Author+ Path Traversal