The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. How to mitigate CVE-2020-36171 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability Read more
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name=”timestamp” fields in forms. How to mitigate CVE-2020-36170 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability that Read more
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during Read more
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with Read more
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user Read more
Cyberwarzone.com