An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges.
How to mitigate CVE-2020-36157
Time needed: 5 minutes.
Follow the instructions below; they will assist you in mitigating the WordPress vulnerability that has been reported in CVE-2020-36157.
- Install the latest version of WordPress
Navigate to the official WordPress website and download the latest version of WordPress. The latest version contains the CVE-2020-36157 fix.
- Perform a vulnerability assessment
Perform a scan on your WordPress environment(s), and check for vulnerabilities. Verify if CVE-2020-36157 has been mitigated.
- Utilize the references
The CVE-2020-36157 references have been provided for a reason. Utilize these references and make sure that you are correctly informed.
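To support the verification step above, the following added example (not code from the plugin or from this advisory) reads the installed Ultimate Member version from the plugin's header comment and compares it numerically against 2.1.12, the fixed release named in the description. The plugin file path and the sample header are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 1, 12)  # first fixed plugin release, per the advisory text
# Assumption: default location of the plugin's main file under the WordPress root.
PLUGIN_FILE = "wp-content/plugins/ultimate-member/ultimate-member.php"

# Constructed sample of a plugin header comment (not copied from the plugin).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: Ultimate Member\nVersion: 2.1.9\n*/\n"


def header_version(php_source):
    """Return the 'Version:' value from a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source, re.M | re.I)
    return m.group(1) if m else None


def version_tuple(version):
    """'2.1.9' -> (2, 1, 9). Stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def is_patched(version):
    """Numeric comparison: as strings, '2.1.9' sorts after '2.1.12'."""
    found = version_tuple(version)
    found += (0,) * (len(FIXED) - len(found))  # '2.2' -> (2, 2, 0)
    return found >= FIXED


def check_install(wp_root):
    """Classify one WordPress root: not-installed, unknown, vulnerable, patched."""
    path = Path(wp_root) / PLUGIN_FILE
    if not path.is_file():
        return "not-installed"
    version = header_version(path.read_text(errors="replace")[:8192])
    if version is None:
        return "unknown"
    return "patched" if is_patched(version) else "vulnerable"


if __name__ == "__main__":
    for root in sys.argv[1:]:
        print(root, check_install(root))
```

Run it with one or more WordPress root directories as arguments; a result of "unknown" means the header could not be read and the install needs a manual check.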