WordPress Ultimate Member Plugin Other Vulnerability - CVE-2022-3383 - Vulnerability Database

WordPress Ultimate Member Plugin Other Vulnerability - CVE-2022-3383

High
Reference: CVE-2022-3383
Title: WordPress Ultimate Member Plugin Other Vulnerability
Overview:

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to and including 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers with administrative capabilities to execute code on the server.