Vulnerability Details : CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access.
Vulnerability category: Gain privilege
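A sketch of the server-side control this class of bug calls for, added here as an illustration and not taken from the plugin or its patch: accept only the meta keys the registration form defines, reject array values, and refuse privilege-bearing keys. `filter_registration_meta()`, its parameters and the sample field names are hypothetical.

```php
<?php
// Added illustration; not code from the Ultimate Member plugin.
// filter_registration_meta() and its parameters are hypothetical names.

/**
 * Keep only fields the registration form defines, and only scalar values.
 * Returns [accepted, rejected] so rejected keys can be logged.
 */
function filter_registration_meta(array $submitted, array $form_keys): array
{
    // Meta keys that carry role or privilege data in WordPress. They are
    // stored with the table prefix (e.g. wp_capabilities), so match on
    // the suffix rather than on one fixed name.
    $sensitive_suffixes = ['capabilities', 'user_level'];
    $accepted = [];
    $rejected = [];

    foreach ($submitted as $key => $value) {
        $key = (string) $key;
        $reason = null;
        if (!in_array($key, $form_keys, true)) {
            $reason = 'not a field of this form';
        } elseif (!is_scalar($value)) {
            // A parameter sent as field[subkey]=1 arrives in PHP as an array.
            $reason = 'non-scalar value';
        }
        foreach ($sensitive_suffixes as $suffix) {
            if (substr($key, -strlen($suffix)) === $suffix) {
                $reason = 'privilege-bearing meta key';
            }
        }
        if ($reason === null) {
            $accepted[$key] = $value;
        } else {
            $rejected[$key] = $reason;
        }
    }
    return [$accepted, $rejected];
}

// Constructed sample submission, shaped like the request the description mentions.
$submitted = [
    'first_name'      => 'Alice',
    'user_email'      => 'alice@example.test',
    'wp_capabilities' => ['administrator' => '1'],
];
[$ok, $bad] = filter_registration_meta($submitted, ['first_name', 'user_email']);
print_r(['accepted' => $ok, 'rejected' => $bad]);
```

Only the `accepted` array should ever reach a meta-writing call; the `rejected` array is worth logging, since a registration request carrying a capabilities key is a strong signal of an exploitation attempt.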
Products affected by CVE-2020-36155
- cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36155
- EPSS score: 0.47% (probability of exploitation activity in the next 30 days)
- Percentile: ~76% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-36155
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | MITRE | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-36155
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36155
- https://wpscan.com/vulnerability/cf13b0f8-5815-4d27-a276-5eff8985fc0b
  Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta Security Vulnerability (Exploit; Third Party Advisory)
- https://wordpress.org/plugins/ultimate-member/#developers
  Ultimate Member – User Profile & Membership Plugin – WordPress plugin | WordPress.org (Release Notes; Third Party Advisory)
- https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/
  Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin (Exploit; Third Party Advisory)