Description
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
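The flaw described above, next to a hardened form, as an added example (not Ultimate Member's code and not the vendor's patch). It assumes the file is loaded as a WordPress plugin; the `demo_*` handler names, the `demo_resize_image` action, the `nonce` and `src` fields and the `demo_cover_photo` meta key are hypothetical.

```php
<?php
// Added illustration of the IDOR pattern; all demo_* names are hypothetical.

// Vulnerable pattern: the target account is taken straight from the request,
// so any logged-in user can name another user's ID.
function demo_resize_image_vulnerable() {
    $user_id = absint( $_POST['user_id'] );            // client-controlled
    demo_store_photo( $user_id, $_POST['src'] );       // no ownership check
    wp_send_json_success();
}

// Hardened pattern: bind the request to the session, then authorize the
// requested object before touching it.
function demo_resize_image_hardened() {
    // 1. Reject requests that do not carry a valid nonce for this action.
    check_ajax_referer( 'demo_resize_image', 'nonce' );

    // 2. Default to the caller; a user_id in the request is only a hint.
    $current = get_current_user_id();
    $target  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $current;

    // 3. Acting on another account requires the edit_user capability for
    //    that specific account (WordPress meta capability check).
    if ( $target !== $current && ! current_user_can( 'edit_user', $target ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    $src = isset( $_POST['src'] ) ? esc_url_raw( wp_unslash( $_POST['src'] ) ) : '';
    demo_store_photo( $target, $src );
    wp_send_json_success();
}

// Registered on wp_ajax_ only (no wp_ajax_nopriv_), so WordPress dispatches
// it for authenticated sessions only.
add_action( 'wp_ajax_demo_resize_image', 'demo_resize_image_hardened' );

// Stand-in for the real image handling: records the photo for one user.
function demo_store_photo( $user_id, $src ) {
    update_user_meta( $user_id, 'demo_cover_photo', $src );
}
```

The same authorization step belongs in every handler that accepts a user identifier, which here means both the upload and the resize paths.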
Remediation
References