Critical Privilege Escalation Bugs Patched in WordPress Ultimate Member Plugin



User profile & membership plugin is using a huge number of Word Press site owners all over the world and it is a popular community-building plugin. This was announced that three multiple such as,

·       Unauthenticated Privilege Escalation via User Meta

·       Authenticated Privilege Escalation via Profile Update

·       Unauthenticated Privilege Escalation via User Roles

Affected Versions: <= 2.1.11

CVSS Score: 9.9 (CRITICAL)

Fully Patched Version: 2.1.12

Site owners of affected sites are advised to install the latest plugin updates immediately. 

More information is available here:

https://wpscan.com/vulnerability/10465

https://wpscan.com/vulnerability/10464

https://wpscan.com/vulnerability/10463


0 Comments