CVE-2022-3384

2022-11-2920:39:57

Wordfence

www.cve.org

wordpress

ultimate member

remote code execution

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.6%

JSON

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.

CNA Affected

[
  {
    "vendor": "ultimatemember",
    "product": "Ultimate Member – User Profile, User Registration, Login & Membership Plugin",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.5.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3383%20%26%26%20CVE-2022-3384.md

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2805393%40ultimate-member&new=2805393%40ultimate-member&sfp_email=&sfph_mail=

www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3384

www.yuque.com/docs/share/8796eef9-ac4c-4339-96b4-6c21313ecf3e