Lucene search
China National Vulnerability DatabaseCNVD-2022-86367HistoryNov 30, 2022 - 12:00 a.m.
WordPress Ultimate Member plugin remote code execution vulnerability
2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
wordpress
ultimate member plugin
remote code execution
vulnerability
input filtering
php
authenticated attacker
arbitrary code execution
0.005 Low
EPSS
Percentile
77.6%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A remote code execution vulnerability exists in WordPress Ultimate Member plugin version 2.5.0 and earlier, which stems from a failure of the populate_dropdown_options function to properly filter the special element of the snippet. An authenticated attacker could exploit the vulnerability to cause arbitrary code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress ultimate member plugin | le | 2.5.0 |
Related
cve
cve
CVE-2022-3384
2022-11-29 21:15:11
wpvulndb
wpvulndb
Ultimate Member < 2.5.1 - Subscriber+ RCE
2022-10-28 00:00:00
prion
prion
Design/Logic Flaw
2022-11-29 21:15:00
patchstack
patchstack
nvd
nvd
CVE-2022-3384
2022-11-29 21:15:11
cvelist
cvelist
CVE-2022-3384
2022-11-29 20:39:57
osv
osv
CVE-2022-3384
2022-11-29 21:15:11
CVE-2022-3383
2022-11-29 21:15:10
openvas
openvas
WordPress Ultimate Member Plugin < 2.5.1 Multiple Vulnerabilities
2022-12-02 00:00:00