Critical severity is coming to Acunetix Standard & Premium. Find out more on our blog.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership Information Disclosure (1.2.5)

Description

WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership version 1.2.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.6 or latest

References

https://wordpress.org/plugins/ultimate-member/changelog/

Related Vulnerabilities

WordPress Plugin Simple add pages or posts Cross-Site Request Forgery (1.6)

WordPress Plugin Comment Attachment Cross-Site Scripting (1.5.5)

WordPress Plugin Gutenberg Blocks by WordPress Download Manager Cross-Site Scripting (2.1.8)

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.5.8)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Information Disclosure