Ultimate Member < 2.1.3 - Insecure Direct Object Reference (IDOR)



Description
IDOR issues allowing change of other users' profiles and cover photos.

Affects Plugin

References

CVE 2020-6859
URL https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Views 2366
Verified No
WPVDB ID 10041

Timeline

Publicly Published 2020-01-13
Added 2020-01-22
Last Updated 2020-01-23
