Directory Traversal Vulnerability in Ultimate Member Plugin for WordPress
CVE-2022-3361

4.3 MEDIUM

Key Information:

Summary

The Ultimate Member plugin for WordPress is susceptible to a directory traversal vulnerability because the 'template' attribute used in its shortcodes is not adequately validated. The flaw allows attackers with administrative privileges to supply traversal sequences (../../) in that attribute and reach files outside the designated template directories. If the attacker is also able to upload a PHP file, the traversal can be used to include it, resulting in remote code execution. Note that users with limited permissions can also exploit this vulnerability if they have access to the /wp-admin area.
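The hardening a maintainer would apply to a shortcode 'template' attribute before it reaches an include, shown as an added example written for this page and not the plugin's own code; the function names, the temporary templates directory and the sample attribute values are constructed.

```php
<?php
// Added example, not Ultimate Member's code: the vulnerable pattern beside a
// hardened version for a shortcode "template" attribute used to pick a file.

// Vulnerable pattern: the attribute is concatenated straight into an include
// path, so "../../uploads/x" escapes the templates directory (the page's bug).
function vulnerable_template_path(string $templates_dir, string $template): string {
    return $templates_dir . '/' . $template . '.php';
}

// Hardened: accept only a plain file name, resolve it with realpath(), and
// verify the resolved path is still underneath the templates directory.
// Returns null when the attribute must be rejected.
function safe_template_path(string $templates_dir, string $template): ?string {
    // 1. Allow-list the characters a template name may contain (no '/', '\' or '.').
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $template)) {
        return null;
    }
    $base = realpath($templates_dir);
    if ($base === false) {
        return null;
    }
    // 2. realpath() collapses ".." and symlinks; the result must stay under $base.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $template . '.php');
    $prefix    = $base . DIRECTORY_SEPARATOR;
    if ($candidate === false || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demo with a constructed temporary templates directory holding one template.
$dir = sys_get_temp_dir() . '/um-templates-demo';
@mkdir($dir, 0700, true);
file_put_contents("$dir/profile.php", "<?php echo 'profile template';\n");

foreach (['profile', '../../../../etc/passwd', 'profile/../../x', 'missing'] as $attr) {
    $resolved = safe_template_path($dir, $attr);
    printf("%-26s -> %s\n", $attr,
        $resolved === null ? 'REJECTED' : 'include ' . basename($resolved));
}
```

WordPress core also ships validate_file(), which rejects ".." sequences in a relative path and can be used as a first check before the containment test above.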

Affected Version(s)

Ultimate Member – User Profile, User Registration, Login & Membership Plugin, versions <= 2.5.0

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ruijie Li