CVE-2018-0588

HIGH

Ultimatemember User Profile & Membership < 2.0.4 - Path Traversal

Title source: rule
STIX 2.1

Description

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN28804532/index.html
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9608

Scores

CVSS v3 7.5
EPSS 0.0260
EPSS Percentile 83.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
ultimatemember/user_profile_\&_membership < 2.0.4
Published May 14, 2018
Tracked Since Feb 18, 2026