CVE-2020-36155

Tags: CRITICAL, EXPLOITED, NUCLEI

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta Registration


Exploitation Summary

CVE-2020-36155 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access.

Nuclei Templates (1)

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
Severity: CRITICAL; status: VERIFIED; author: riteshs4hu
Shodan: http.html:/wp-content/plugins/ultimate-member/
FOFA: body="/wp-content/plugins/ultimate-member"

Scores

CVSS v3 10.0
EPSS 0.0897
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2020-11-09
CWE
CWE-269
Status published
Products (1)
ultimatemember/ultimate_member < 2.1.12
Published Jan 04, 2021
Tracked Since Feb 18, 2026