Lucene search
China National Vulnerability DatabaseCNVD-2022-86366HistoryNov 30, 2022 - 12:00 a.m.
WordPress Ultimate Member plugin remote code execution vulnerability
2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
wordpress
ultimate member
remote code execution
vulnerability
php
get_option_value_from_callback
arbitrary code execution
0.005 Low
EPSS
Percentile
77.6%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin Ultimate Member 2.6.0 and earlier versions are vulnerable to a remote code execution vulnerability caused by the get_option_value_from_callback function failing to properly filter the special elements of the construct snippet’s special elements. An attacker could exploit the vulnerability to cause arbitrary code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress ultimate member plugin | le | 2.6.0 |
Related
cve
cve
CVE-2022-3383
2022-11-29 21:15:10
patchstack
patchstack
cvelist
cvelist
CVE-2022-3383
2022-11-29 20:40:09
nvd
nvd
CVE-2022-3383
2022-11-29 21:15:10
prion
prion
Design/Logic Flaw
2022-11-29 21:15:00
wpvulndb
wpvulndb
Ultimate Member < 2.5.1 - Admin+ RCE
2022-10-28 00:00:00
osv
osv
CVE-2022-3384
2022-11-29 21:15:11
CVE-2022-3383
2022-11-29 21:15:10
openvas
openvas
WordPress Ultimate Member Plugin < 2.5.1 Multiple Vulnerabilities
2022-12-02 00:00:00