2 matches found
CVE-2022-3384 Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populatedropdownoptions function that accepts user supplied input and passes it through calluserfunc. This is restricted to non-parameter PHP functions like phpinfo; sin...
CVE-2022-3384
The WordPress Ultimate Member plugin (up to version 2.5.0) is vulnerable to remote code execution via the populate_dropdown_options function, which passes user input to call_user_func() and is restricted to non-parameter PHP functions. An authenticated administrator can execute arbitrary code on ...