SB2020012404 - Improper access control in Ultimate Member – User Profile & Membership Plugin for WordPress
Published: January 24, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2020-6859)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an Insecure Direct Object Reference (IDOR) issue in includes/core/class-files.php. A remote attacker can bypass the implemented security restrictions and change other users' profiles and cover photos via a modified "user_id" parameter. This is related to "ajax_image_upload" and "ajax_resize_image".
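The defensive pattern for this class of bug is an authorization check that ties the requested user_id to the authenticated caller, rather than acting on whatever id the request names. The following is an added illustration, not the plugin's own code and not the vendor's patch; the um_demo_* function names and the "um_demo_upload" nonce action are hypothetical, while check_ajax_referer, get_current_user_id, current_user_can and wp_send_json_error are real WordPress core APIs.

```php
<?php
// Added illustration (not Ultimate Member's code): an admin-ajax handler that
// trusts a client-supplied user_id, beside one that authorizes the request.
// Function names um_demo_* and the nonce action are hypothetical.

// Vulnerable pattern: the handler acts on whichever user_id the request
// names, so any logged-in user can target another user's profile photo.
// Deliberately NOT hooked with add_action().
function um_demo_vulnerable_upload() {
    $user_id = absint( $_REQUEST['user_id'] ?? 0 );
    // ... store the uploaded image as the profile/cover photo of $user_id ...
    wp_send_json_success( array( 'user_id' => $user_id ) );
}

// Hardened pattern: resolve the target user and check the caller may edit it.
function um_demo_target_user_id() {
    $requested = absint( $_REQUEST['user_id'] ?? 0 );
    $current   = get_current_user_id();
    if ( 0 === $current ) {
        return new WP_Error( 'not_logged_in', 'Authentication required.' );
    }
    // Default to the caller's own profile when no target is supplied.
    $target = $requested > 0 ? $requested : $current;
    // Only the user themself, or someone holding edit_user for that user
    // (e.g. an administrator), may change the photo.
    if ( $target !== $current && ! current_user_can( 'edit_user', $target ) ) {
        return new WP_Error( 'forbidden', 'You may not modify this profile.' );
    }
    return $target;
}

function um_demo_hardened_upload() {
    // CSRF protection: dies with -1 if the nonce is missing or invalid.
    check_ajax_referer( 'um_demo_upload', 'nonce' );
    $target = um_demo_target_user_id();
    if ( is_wp_error( $target ) ) {
        wp_send_json_error( array( 'message' => $target->get_error_message() ), 403 );
    }
    // ... store the uploaded image for $target only ...
    wp_send_json_success( array( 'user_id' => $target ) );
}

// Logged-in users only (no wp_ajax_nopriv_ hook for this action).
add_action( 'wp_ajax_um_demo_hardened_upload', 'um_demo_hardened_upload' );
```

For detection, requests to admin-ajax.php whose user_id differs from the logged-in user's id are the signal to log and review on a site still running an unpatched version.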
Remediation
Install the update from the vendor's website.
References
- https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269
- https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310
- https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1
- https://wordpress.org/plugins/ultimate-member/#developers
- https://wpvulndb.com/vulnerabilities/10041