7 matches found
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
creationtimestamp| type| source ---|---|--- 2025-09-15 16:48:48+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-36155.yaml 2025-09-17 21:02:35+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qaykzyw2n...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...
CVE-2020-36155
CVE-2020-36155 affects the WordPress plugin Ultimate Member (versions prior to 2.1.12). The vulnerability arises when registration data is passed to the plugin’s update_profile function, allowing an attacker to submit metadata (e.g., wp_capabilities[administrator]) that gets accepted, enabling un...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...