CVE-2022-3384

🗓️ 29 Nov 2022 21:11:15Reported by [email protected]Type

The Ultimate Member plugin for WordPress allows authenticated attackers to execute code via Remote Code Execution vulnerability in versions up to 2.5.0

Reporter	Title	Published	Views	Family All 12
CNVD	WordPress Ultimate Member plugin remote code execution vulnerability	30 Nov 202200:00	–	cnvd
WPVulnDB	Ultimate Member < 2.5.1 - Subscriber+ RCE	28 Oct 202200:00	–	wpvulndb
CVE	CVE-2022-3384	29 Nov 202221:15	–	cve
Cvelist	CVE-2022-3384	29 Nov 202220:39	–	cvelist
Patchstack	WordPress Ultimate Member plugin <= 2.5.0 - Auth. Limited Remote Code Execution vulnerability	28 Oct 202200:00	–	patchstack
Prion	Design/Logic Flaw	29 Nov 202221:15	–	prion
Vulnrichment	CVE-2022-3384	29 Nov 202220:39	–	vulnrichment
OSV	CVE-2022-3384	29 Nov 202221:15	–	osv
OSV	CVE-2022-3383	29 Nov 202221:15	–	osv
RedhatCVE	CVE-2022-3384	6 Feb 202500:41	–	redhatcve

Nvd

Node

ultimatemember ultimate_memberRange≤2.5.0wordpress

Source	Link
yuque	www.yuque.com/docs/share/8796eef9-ac4c-4339-96b4-6c21313ecf3e
wordfence	www.wordfence.com/vulnerability-advisories-continued/
plugins	www.plugins.trac.wordpress.org/changeset
github	www.github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3383%20%26%26%20CVE-2022-3384.md

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Nov 2022 21:15Current

CVSS37.2

EPSS0.01181