CVE-2018-0586

MEDIUM

Ultimatemember User Profile & Membership < 2.0.4 - Path Traversal

Title source: rule
STIX 2.1

Description

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9608
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN28804532/index.html

Scores

CVSS v3 4.3
EPSS 0.0161
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
ultimatemember/user_profile_\&_membership < 2.0.4
Published May 14, 2018
Tracked Since Feb 18, 2026