WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin Ultimate Member 2.6.0 and earlier versions are vulnerable to a remote code execution vulnerability caused by the get_option_value_from_callback function failing to properly filter the special elements of the construct snippet’s special elements. An attacker could exploit the vulnerability to cause arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress ultimate member plugin | le | 2.6.0 |