Ultimate Member <= 1.3.75 - Unauthenticated Change Passwords



Description
Ultimate Member <= 1.3.75 allows unauthenticated users to change an arbitrary user's password, which could allow complete system access.

Affects Plugin

References

URL http://www.pritect.net/blog/ultimate-member-1-3-76-critical-security-issue
URL https://github.com/ultimatemember/ultimatemember/commit/c54e8d3c56027f1c87f62e54c722dc7c6e72f78a
URL https://github.com/ultimatemember/ultimatemember/commit/b66c99bec200aec2eda5d53ebf8495e705933081

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter James Golovich
Submitter Website https://pritect.net
Submitter Twitter Pritect
Views 9724
Verified No
WPVDB ID 8688

Timeline

Publicly Published 2016-12-06 (over 3 years ago)
Added 2016-12-08 (over 3 years ago)
Last Updated 2019-11-01 (7 months ago)
