Lucene search
K

7 matches found

Nuclei
Nuclei
added yesterday14 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS7.2AI score0.08975EPSS
Exploits2References3
Circl
Circl
added 2025/09/15 4:48 p.m.7 views

CVE-2020-36155

creationtimestamp| type| source ---|---|--- 2025-09-15 16:48:48+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-36155.yaml 2025-09-17 21:02:35+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qaykzyw2n...

10CVSS9AI score0.08975EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.10 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS6.7AI score0.08975EPSS
Exploits2
OSV
OSV
added 2021/01/04 6:15 p.m.22 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

9.8CVSS7AI score
Exploits0References3
NVD
NVD
added 2021/01/04 6:15 p.m.29 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS9.4AI score0.08975EPSS
Exploits2References3
CVE
CVE
added 2021/01/04 5:22 p.m.82 views

CVE-2020-36155

CVE-2020-36155 affects the WordPress plugin Ultimate Member (versions prior to 2.1.12). The vulnerability arises when registration data is passed to the plugin’s update_profile function, allowing an attacker to submit metadata (e.g., wp_capabilities[administrator]) that gets accepted, enabling un...

10CVSS9.3AI score0.08975EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/01/04 5:22 p.m.32 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS9.4AI score0.08975EPSS
Exploits2References3
Rows per page
Query Builder