2 matches found
CVE-2022-3383
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the getoptionvaluefromcallback function that accepts user supplied input and passes it through calluserfunc. This makes it possible for authenticated attackers, with...
CVE-2022-3383
The CVE-2022-3383 entry refers to the WordPress Ultimate Member plugin. Affected ecosystem: WordPress with the Ultimate Member plugin (versions up to 2.5.0). Root cause: the get_option_value_from_callback function accepts user-supplied input and passes it through call_user_func(), enabling an aut...