Multiple vulnerabilities in WordPress plugin "Ultimate Member"

Overview The WordPress plugin "Ultimate Member" provided by Ultimate Member contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0585 Directory Traversal in the shortcodes function CWE-22 - CVE-2018-0586 Arbitrary File Upload CWE-434 - CVE-2018-0587 Directory...

CVE-2015-5266

The enrolmetasync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-runni...

CVE-2015-5266

The enrolmetasync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-runni...

UBUNTU-CVE-2015-5266

The enrolmetasync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-runni...

CVE-2015-5266

The CVE-2015-5266 entry concerns Moodle’s enrol_meta_sync in enrol/meta/locallib.php. Affected releases include Moodle 2.6.11 and 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2. The vulnerability arises from incorrect role processing during a long-running synchronization script, ...