3 matches found
WordPress Ultimate Member Plugin < 2.0.40 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ultimatemember:ultimatemember"; ifdescription...
CVE-2019-10270
Affected software: WordPress Ultimate Member plugin. Vulnerable component: password reset flow in Ultimate Member (versions around 2.39; OpenVAS references
CVE-2019-10270
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible due to lack of verification and correlation between the reset password key sent by mail and the userid parameter to reset the password of another user. One only needs to know the...