CVE-2022-3966 Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal

🗓️ 13 Nov 2022 00:00:00Reported by VulDBType

Vulnerability in Ultimate Member Plugin Template Handler

Reporter	Title	Published	Views	Family All 10
CNNVD	WordPress Plugin Ultimate Member 安全漏洞	13 Nov 202200:00	–	cnnvd
CNVD	WordPress Plugin Ultimate Member has an unspecified vulnerability	15 Nov 202200:00	–	cnvd
CVE	CVE-2022-3966	13 Nov 202200:00	–	cve
EUVD	EUVD-2022-43298	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3966	13 Nov 202208:15	–	nvd
OpenVAS	WordPress Ultimate Member Plugin < 2.5.1 Directory Traversal Vulnerability	17 Nov 202200:00	–	openvas
Prion	Design/Logic Flaw	13 Nov 202208:15	–	prion
Positive Technologies	PT-2022-24984 · WordPress · Ultimate Member Plugin	13 Nov 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-3966	22 May 202523:31	–	redhatcve
Vulnrichment	CVE-2022-3966 Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal	13 Nov 202200:00	–	vulnrichment

[
  {
    "vendor": "unspecified",
    "product": "Ultimate Member Plugin",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      },
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      },
      {
        "version": "2.3",
        "status": "affected"
      },
      {
        "version": "2.4",
        "status": "affected"
      },
      {
        "version": "2.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4
github	www.github.com/ultimatemember/ultimatemember/releases/tag/2.5.1
vuldb	www.vuldb.com/

13 Nov 2022 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.14.3

EPSS0.00483

CWE-22