Test Kennung:	1.3.6.1.4.1.25623.1.0.113626
Kategorie:	Web application abuses
Titel:	WordPress Ultimate Member Plugin <= 2.1.2 Multiple Insecure Direct Object Reference Vulnerabilities
Zusammenfassung:	The WordPress plugin Ultimate Member is prone to multiple; Insecure Direct Object Reference vulnerabilities.
Beschreibung:	Summary: The WordPress plugin Ultimate Member is prone to multiple Insecure Direct Object Reference vulnerabilities. Vulnerability Insight: The vulnerabilities reside in includes/core/class-files.php. Vulnerability Impact: Successful exploitation would allow a remote attacker to change other users' profiles and cover photos via a modified user_id parameter. Affected Software/OS: WordPress Ultimate Member plugin through version 2.1.2. Solution: Update to version 2.1.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-6859 https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269 https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310 https://wordpress.org/plugins/ultimate-member/#developers https://wpvulndb.com/vulnerabilities/10041
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.