CVE-2020-36156

Published: Jan 4, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.

Affected (1)

Products: Ultimatemember: Ultimate Member

1 product

Ultimate Member

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ultimatemember Ultimate Member	Before 2.1.12

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://wordpress.org/plugins/ultimate-member/#developers

Source: cve@mitre.org

Release NotesThird Party Advisory

https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/

Source: cve@mitre.org

ExploitThird Party Advisory

https://wordpress.org/plugins/ultimate-member/#developers

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.