Description The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. Remediation References CVE-2020-36170 Related Vulnerabilities Joomla CVE-2006-4469 Vulnerability (CVE-2006-4469) Oracle Database Server CVE-2008-1821 Vulnerability (CVE-2008-1821) WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark SQL Injection (2.9.3) WordPress Plugin LISL Last-Image Slider TimThumb Arbitrary File Upload (1.0) phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2284) Severity Medium Classification CVE-2020-36170 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities