Vulnerability Description
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
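As an added illustration of the flaw class the description names (mass assignment of a role from form input), and not code from Ultimate Member or from this advisory, the weak pattern is shown beside a hardened profile-update handler. The function names are invented; `get_userdata`, `current_user_can`, `wp_roles()->is_role`, `sanitize_key` and `WP_User::set_role` are standard WordPress core APIs.

```php
<?php
// Added illustration, not Ultimate Member's code. Both handlers assume they
// run inside WordPress; the function names are made up for this example.

// Weak pattern: a role supplied in the profile-update form is applied to the
// account verbatim, so any user who can submit the form picks their own role.
function weak_profile_update( int $user_id, array $form ) {
    $user = get_userdata( $user_id );
    if ( $user && isset( $form['um-role'] ) ) {
        $user->set_role( $form['um-role'] ); // no capability or allow-list check
    }
}

// Hardened pattern: the submitted role is ignored unless the acting user holds
// the promote_users capability, is not editing their own account, and the
// value names a role that is actually registered on the site.
function hardened_profile_update( int $user_id, array $form ): bool {
    if ( ! isset( $form['um-role'] ) ) {
        return true; // nothing role-related to process
    }
    $role = sanitize_key( $form['um-role'] );
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return false;
    }
    // Ordinary profile edits never carry the authority to assign roles.
    if ( ! current_user_can( 'promote_users' ) || get_current_user_id() === $user_id ) {
        // Logged so that repeated attempts stand out in monitoring.
        error_log( "Rejected role change to '{$role}' for user {$user_id}" );
        return false;
    }
    // Reject values that are not a registered role name.
    if ( ! wp_roles()->is_role( $role ) ) {
        return false;
    }
    $user->set_role( $role );
    return true;
}
```

The same allow-list and capability gate applies to any other privileged field (capabilities, user level) that a profile form might carry.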
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultimatemember | Ultimate Member | < 2.1.12 |
Related Weaknesses (CWE)
References
- https://wordpress.org/plugins/ultimate-member/#developers (Release Notes, Third Party Advisory)
- https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53 (Exploit, Third Party Advisory)
- https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabili (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-36156?
CVE-2020-36156 is a vulnerability with a CVSS score of 9.9 (CRITICAL). An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
How severe is CVE-2020-36156?
CVE-2020-36156 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36156?
Versions of Ultimate Member (vendor: Ultimatemember) before 2.1.12 are affected, so updating to 2.1.12 or later addresses the issue. Check the references section above for the release notes and third-party advisories.