Description
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset any users password to an arbitrary value. WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership version 1.3.75 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 1.3.77 or latest
References
Related Vulnerabilities
WordPress Plugin GS Filterable Portfolio Cross-Site Scripting (1.6.0)
Joomla! Core 3.x.x Security Bypass (3.1.0 - 3.8.12)
WordPress Plugin Goolytics-Simple Google Analytics Cross-Site Scripting (1.1.1)
PHP Other Vulnerability (CVE-2003-0442)
WordPress Plugin Contact Form Multi by BestWebSoft Cross-Site Scripting (1.2.0)