Lucene search
China National Vulnerability DatabaseCNVD-2022-86368HistoryNov 30, 2022 - 12:00 a.m.
WordPress Ultimate Member plugin directory traversal vulnerability
2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
wordpress
ultimate member plugin
directory traversal
vulnerability
php language
shortcode
input validation
sensitive information.
0.002 Low
EPSS
Percentile
57.8%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Ultimate Member plugin 2.5.0 and earlier versions are vulnerable to a directory traversal vulnerability that results from a failure to validate the input of the “template” attribute used in the shortcode. The vulnerability is caused by a failure to validate the input of the “template” attribute used in the shortcode, which can be exploited by an attacker by… /… /… to obtain sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress ultimate member plugin | le | 2.5.0 |
Related
nvd
nvd
CVE-2022-3361
2022-11-29 21:15:10
osv
osv
CVE-2022-3361
2022-11-29 21:15:10
wpvulndb
wpvulndb
Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal
2022-10-28 00:00:00
prion
prion
Directory traversal
2022-11-29 21:15:00
cvelist
cvelist
CVE-2022-3361
2022-11-29 20:39:43
cve
cve
CVE-2022-3361
2022-11-29 21:15:10
patchstack
patchstack
openvas
openvas
WordPress Ultimate Member Plugin < 2.5.1 Multiple Vulnerabilities
2022-12-02 00:00:00