CVE-2020-36171: WordPress plugin vulnerability

January 21, 2021 0

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. How to mitigate CVE-2020-36171 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability Read more

CVE-2020-36170: WordPress plugin vulnerability

January 21, 2021 0

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name=”timestamp” fields in forms. How to mitigate CVE-2020-36170 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability that Read more

CVE-2020-36157: WordPress plugin vulnerability

January 21, 2021 0

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during Read more

CVE-2020-36156: WordPress plugin vulnerability

January 21, 2021 0

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with Read more

CVE-2020-36155: WordPress plugin vulnerability

January 21, 2021 0

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user Read more

1 2 3 4 5 41