Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Ultimate Member Plugin CVE-2020-36170 Vulnerability (CVE-2020-36170)

Description

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.

Remediation

References

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-1283)

Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)

WordPress 4.1.x Directory Traversal (4.1 - 4.1.40)

WordPress Plugin WP Symposium Open Redirect (13.04)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.8.6)

Severity

Medium

Classification

CVE-2020-36170 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities