15 matches found
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
creationtimestamp | type | source
---|---|---
2025-09-15 16:48:48+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-36155.yaml
2025-09-17 21:02:35+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qaykzyw2n...
CVE-2021-36155
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration...
CVE-2024-36155
CVE-2024-36155 affects Adobe Experience Manager (AEM) 6.5.20 and earlier, where a stored XSS vulnerability could allow an attacker to inject malicious scripts into vulnerable form fields, leading to JavaScript execution in a victim’s browser. The NVD entry reports a MEDIUM severity (CVSS 3.1: 5.4...
CVE-2022-36155
tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp...
CVE-2022-36155
tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp...
CVE-2022-36155
tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp...
CVE-2022-36155
tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp...
CVE-2022-36155
CVE-2022-36155 affects tifig v0.2.2 with a resource allocation issue in asan_new_delete.cpp (operator new(unsigned long)). The CVE entry notes availability impact as HIGH while confidentiality and integrity remain NONE. Public details consistently describe the issue but do not provide exploit/vec...
CVE-2021-36155
CVE-2021-36155 affects gRPC Swift up to version 1.1.0, where LengthPrefixedMessageReader can allocate buffers of unbounded size, leading to uncontrolled resource consumption and denial of service in gRPC Swift clients and servers. The issue arises from how messages are read/parsed, enabling an at...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
CVE-2020-36155 affects the WordPress plugin Ultimate Member (versions prior to 2.1.12). The vulnerability arises when registration data is passed to the plugin’s update_profile function, allowing an attacker to submit metadata (e.g., wp_capabilities[administrator]) that gets accepted, enabling un...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration...