WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.22 - Unauthenticated Arbitrary File Upload

Description

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability.

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.0.22

References

URL
https://wordpress.org/support/topic/appears-um-got-hacked-on-my-site/
URL
https://wordpress.org/support/topic/danger-security-issue/
URL
https://plugins.trac.wordpress.org/changeset/1922149/ultimate-member

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
aa753fc0-10f3-4934-94ae-dd8d713a0190

Timeline

Publicly Published
2018-08-08 (about 7 years ago)
Added
2018-08-09 (about 7 years ago)
Last Updated
2020-08-12 (about 5 years ago)

Other

Published
Title
Published
2024-07-22
Title
Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
Published
2014-08-01
Title
SEM WYSIWYG - Arbitrary File Upload
Published
2014-08-01
Title
SlimStat-Ex - Open Flash Chart Arbitrary File Creation
Published
2025-07-31
Title
StoreKeeper for WooCommerce < 14.4.5 - Unauthenticated Arbitrary File Upload
Published
2021-03-26
Title
WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE