CVE-2020-36155

Tags: CRITICAL, EXPLOITED, NUCLEI

Ultimatemember Ultimate Member - Improper Privilege Management

Title source: rule

Description

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted; a registration request carrying wp_capabilities[administrator] therefore created the new account with the Administrator role. Note that wp_capabilities is the key name under the default wp_ table prefix; a site with a custom prefix stores roles under <prefix>capabilities, which matters when writing request-level detections keyed on this parameter name.
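The following is an added Python model of the flow the description above outlines; it is not code from Ultimate Member or from the Nuclei template. It shows how a PHP-style bracketed form field becomes a nested array, how a profile update that accepts every submitted key lets that array overwrite the capabilities meta, and an allow-list variant that stops it. The function names (parse_php_form, update_profile, register_vulnerable, register_hardened, roles_of), the registration field list and the protected-key list are assumptions made for the illustration; the request body is constructed.

```python
# Added example for this page (not code from Ultimate Member or from the
# Nuclei template): a model of the registration flow described in the CVE
# text and of an allow-list fix. Function names and field lists are assumed.
from urllib.parse import parse_qsl

# WordPress keeps a user's roles in the `<table prefix>capabilities` meta key;
# "wp_" is the default prefix and is the one named in the CVE description.
CAPABILITIES_META = "wp_capabilities"
DEFAULT_ROLE = "subscriber"

# Assumed registration form fields; only these may reach the profile update
# in the hardened variant.
REGISTRATION_FIELDS = {"user_login", "user_email", "user_password"}

# Assumed deny-list of meta keys that must never be settable from a
# registration request (wp_user_level is the legacy WordPress role-level key).
PROTECTED_META = {CAPABILITIES_META, "wp_user_level"}


def parse_php_form(body: str) -> dict:
    """Decode a urlencoded body the way PHP fills $_POST, so that
    `wp_capabilities[administrator]=1` becomes
    {'wp_capabilities': {'administrator': '1'}}.
    The append form `key[]=value` is not modelled."""
    out: dict = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        base, _, rest = key.partition("[")
        if not rest:
            out[base] = value
            continue
        parts = [base] + [p.rstrip("]") for p in rest.split("[")]
        node = out
        for part in parts[:-1]:
            if not isinstance(node.get(part), dict):
                node[part] = {}
            node = node[part]
        node[parts[-1]] = value
    return out


def update_profile(user: dict, submitted: dict) -> None:
    """Models the pre-2.1.12 behaviour the CVE describes: every submitted
    key is written to the user record, including role-bearing meta."""
    for key, value in submitted.items():
        user[key] = value


def new_user() -> dict:
    # A fresh registration starts with the default role only.
    return {CAPABILITIES_META: {DEFAULT_ROLE: True}}


def register_vulnerable(post: dict) -> dict:
    user = new_user()
    update_profile(user, post)
    return user


def register_hardened(post: dict) -> dict:
    """Allow-list the form fields, and additionally refuse protected meta
    keys so a later widening of the allow-list cannot reintroduce the bug."""
    safe = {
        key: value
        for key, value in post.items()
        if key in REGISTRATION_FIELDS and key not in PROTECTED_META
    }
    user = new_user()
    update_profile(user, safe)
    return user


def roles_of(user: dict) -> list:
    """Role names are the truthy keys of the capabilities meta; PHP treats
    the submitted string '1' as true, and the check mirrors that."""
    caps = user.get(CAPABILITIES_META, {})
    return sorted(role for role, enabled in caps.items() if enabled)


# Constructed request body modelled on the parameter named in the CVE text.
ATTACK_BODY = (
    "user_login=mallory&user_email=mallory%40example.test"
    "&user_password=Str0ng-pass&wp_capabilities[administrator]=1"
)

if __name__ == "__main__":
    post = parse_php_form(ATTACK_BODY)
    print("vulnerable:", roles_of(register_vulnerable(post)))  # ['administrator']
    print("hardened:  ", roles_of(register_hardened(post)))    # ['subscriber']
```

The allow-list is the real control here; the deny-list only exists so that adding a field to REGISTRATION_FIELDS later cannot silently reopen the capabilities key.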

Nuclei Templates (1)

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
Severity: CRITICAL, verified, by riteshs4hu
Shodan: http.html:/wp-content/plugins/ultimate-member/
FOFA: body="/wp-content/plugins/ultimate-member"

Scores

CVSS v3 10.0
EPSS 0.6202
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2020-11-09
CWE: CWE-269 (Improper Privilege Management)
Status published
Products (1)
ultimatemember/ultimate_member < 2.1.12
Published Jan 04, 2021
Tracked Since Feb 18, 2026