Description
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset any users password to an arbitrary value. WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership version 1.3.75 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 1.3.77 or latest
References
Related Vulnerabilities
MySQL CVE-2020-2806 Vulnerability (CVE-2020-2806)
WordPress Plugin WordPress Responsive Preview Cross-Site Scripting (1.1)
WordPress Plugin NewStatPress Cross-Site Scripting (1.0.3)
WordPress Plugin 3D Cover Carousel Cross-Site Scripting (1.0)
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4724)