Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability - CVE-2020-36156 - Vulnerability Database
WordPress Ultimate Member Plugin

WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability - CVE-2020-36156

High
Reference: CVE-2020-36156
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-36156
Title: WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability
Overview:

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g. Administrator) during a profile update and effectively escalate their privileges.