CVE-2020-36156
CRITICALUltimate Member < 2.1.12 - Authenticated Privilege Escalation via Profile Update
Title source: llmDescription
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
References (3)
Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/ultimate-member/#developers
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53
Scores
CVSS v3
9.9
EPSS
0.0203
EPSS Percentile
78.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
ultimatemember/ultimate_member
< 2.1.12
Published
Jan 04, 2021
Tracked Since
Feb 18, 2026