2 matches found
CVE-2022-3384
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populatedropdownoptions function that accepts user supplied input and passes it through calluserfunc. This is restricted to non-parameter PHP functions like phpinfo; sin...
PT-2022-21874 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: The Ultimate Member plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows for Remote Code Execution via the populate dropdown options function, which accepts user-supplied input and passes it through call use...