Description
WordPress Plugin Ultimeter is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently perform a variety of the plugin's actions or even take over a website. WordPress Plugin Ultimeter version 1.9.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9.3 or latest
References
Related Vulnerabilities
Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)
WordPress Plugin YouSayToo auto-publishing 'submit' Parameter Cross-Site Scripting (1.0.1)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1102)
Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338)