3 matches found
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...
CVE-2022-3361
The CVE-2022-3361 entry concerns the WordPress Ultimate Member plugin (versions up to 2.5.0). The vulnerability is a directory traversal flaw caused by insufficient validation of the template attribute in shortcodes, allowing an attacker with administrative privileges to supply traversal sequence...
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...