CVE-2020-37169

MEDIUM

WordPress Plugin ultimate-member 2.1.3 Local File Inclusion

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37169. PoCs published by Mehran Feizi.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in WordPress Plugin ultimate-member 2.1.3. The vulnerable code in class-admin-upgrade.php allows arbitrary file inclusion via the $_POST['pack'] parameter, which is directly used in an include_once statement without proper sanitization.

Description

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code.

Exploits (1)

exploitdb WORKING POC

by Mehran Feizi · textwebappsphp

https://www.exploit-db.com/exploits/48065

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in WordPress Plugin ultimate-member 2.1.3. The vulnerable code in class-admin-upgrade.php allows arbitrary file inclusion via the $_POST['pack'] parameter, which is directly used in an include_once statement without proper sanitization.

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin ultimate-member 2.1.3

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed May 13, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit

ExploitDB-48065

https://www.exploit-db.com/exploits/48065

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin ultimate-member 2.1.3 Local File Inclusion

https://www.vulncheck.com/advisories/wordpress-plugin-ultimate-member-local-file-inclusion

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 15.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-98

Status published

Products (1)

Ultimate Member/ultimate-member 2.1.3

Published May 13, 2026

Tracked Since May 13, 2026