Description
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify arbitrary user_meta data. WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership version 1.3.52 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.53 or latest
References
Related Vulnerabilities
Oracle Database Server CVE-2006-1877 Vulnerability (CVE-2006-1877)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1488)
MySQL CVE-2019-2644 Vulnerability (CVE-2019-2644)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)
WordPress Plugin Js-appointment 'searchdata.php' SQL Injection (1.5)