WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.22 - Unauthenticated Arbitrary File Upload

Description

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability.

Affects Plugins

ultimate-member

Fixed in version 2.0.22

References

URL

https://wordpress.org/support/topic/appears-um-got-hacked-on-my-site/

URL

https://wordpress.org/support/topic/danger-security-issue/

URL

https://plugins.trac.wordpress.org/changeset/1922149/ultimate-member

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

aa753fc0-10f3-4934-94ae-dd8d713a0190

Timeline

Publicly Published

2018-08-08 (about 4 years ago)

Added

2018-08-09 (about 4 years ago)

Last Updated

2020-08-12 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin