Description

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.

Remediation

References

CVE-2022-3384

Related Vulnerabilities

WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)

ownCloud Other Vulnerability (CVE-2022-25339)

Oracle Database Server CVE-2011-3512 Vulnerability (CVE-2011-3512)

WordPress Plugin MediaPress Security Bypass (1.1.9)

WordPress Plugin Welcart e-Commerce Information Disclosure (2.2.7)

Severity

High

Classification

CVE-2022-3384 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities