CVE-2018-0587
MEDIUMUltimatemember User Profile & Membership - Unrestricted File Upload
Title source: ruleDescription
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN28804532/index.html
Release Notes x_refsource_confirm
https://wordpress.org/plugins/ultimate-member/#developers
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9608
Scores
CVSS v3
4.3
EPSS
0.0016
EPSS Percentile
36.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-434
Status
published
Products (1)
ultimatemember/user_profile_\&_membership
< 2.0.4
Published
May 14, 2018
Tracked Since
Feb 18, 2026