WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A remote code execution vulnerability exists in WordPress Ultimate Member plugin version 2.5.0 and earlier, which stems from a failure of the populate_dropdown_options function to properly filter the special element of the snippet. An authenticated attacker could exploit the vulnerability to cause arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress ultimate member plugin | le | 2.5.0 |