Description
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify arbitrary user_meta data. WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership version 1.3.52 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.53 or latest
References
Related Vulnerabilities
Ruby on Rails Improper Input Validation Vulnerability (CVE-2010-3933)
WordPress Plugin Ultimate Maps by Supsystic SQL Injection (1.1.12)
WordPress 3.8.x Cross-Domain Flash Injection Vulnerability (3.8 - 3.8.24)
WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.10)
WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)