Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:29 p.m.7 views

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

5.3CVSS7.1AI score0.02168EPSS
Exploits0References1
OSV
OSV
added 2020/01/13 5:15 p.m.11 views

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

5.3CVSS7.1AI score
Exploits0References5
NVD
NVD
added 2020/01/13 5:15 p.m.20 views

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

5.3CVSS5.5AI score0.02168EPSS
Exploits0References5
CVE
CVE
added 2020/01/13 4:31 p.m.88 views

CVE-2020-6859

The CVE-2020-6859 entry corresponds to multiple Insecure Direct Object Reference (IDOR) vulnerabilities in the WordPress Ultimate Member plugin (affected until version 2.1.2) in includes/core/class-files.php. The underlying issue allows remote attackers to modify other users’ profiles and cover p...

5.3CVSS5.4AI score0.02168EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder