#VU24502 Improper access control in Ultimate Member - User Profile & Membership Plugin - CVE-2020-6859
Published: January 24, 2020
Vulnerability identifier: #VU24502
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-6859
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Ultimate Member - User Profile & Membership Plugin
Software vendor:
Ultimate Member
Description
The vulnerability allows a remote attacker to modify data belonging to other users.
The vulnerability exists due to an Insecure Direct Object Reference (IDOR) in includes/core/class-files.php: the AJAX handlers "ajax_image_upload" and "ajax_resize_image" act on the account named by the request's "user_id" parameter without verifying that the caller is permitted to modify that account. A remote attacker can bypass the implemented security restrictions and change other users' profile and cover photos by supplying a modified "user_id" value.
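The access-control mistake described above, shown as an added illustrative example in WordPress-style PHP. This is not code from the Ultimate Member plugin or from the referenced commit; the function names, the nonce action and the "user_id" handling are hypothetical, and only the WordPress core APIs (get_current_user_id, current_user_can, absint, check_ajax_referer, wp_send_json_error) are real.

```php
<?php
// Added example: an IDOR pattern in an AJAX image-upload handler and one way
// to close it. Hypothetical code, not the plugin's own implementation.

// Vulnerable pattern: the handler trusts the client-supplied user_id, so any
// caller who can reach the endpoint can target another user's profile photo.
function example_ajax_image_upload_vulnerable() {
    $user_id = isset( $_REQUEST['user_id'] )
        ? absint( $_REQUEST['user_id'] )
        : get_current_user_id();

    // ... the uploaded image would be processed and stored for $user_id ...
    return $user_id; // whichever account the client named
}

// Hardened pattern: the target account is the authenticated user unless the
// caller holds the capability to edit that specific other user. A nonce check
// alone is not enough: it blocks CSRF but does not stop a logged-in user from
// substituting someone else's id, which is exactly the IDOR case.
function example_ajax_image_upload_hardened() {
    check_ajax_referer( 'example_upload_nonce', 'nonce' ); // hypothetical nonce action

    $current = get_current_user_id();
    if ( ! $current ) {
        wp_send_json_error( 'authentication required', 401 );
    }

    $requested = isset( $_REQUEST['user_id'] )
        ? absint( $_REQUEST['user_id'] )
        : $current;

    // Object-level authorization: profile owner, or an account allowed to
    // edit this particular user (e.g. an administrator).
    if ( $requested !== $current && ! current_user_can( 'edit_user', $requested ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // ... process the upload for $requested only after the check passes ...
    return $requested;
}
```

When reviewing similar plugins, look for every AJAX handler that reads an account or object identifier from $_REQUEST, $_POST or $_GET and confirm that a per-object capability check (not just a login or nonce check) sits between that read and the write.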
Remediation
Install the updated plugin from the vendor's website; the fixing commit is listed under the external links below.
External links
- https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269
- https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310
- https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1
- https://wordpress.org/plugins/ultimate-member/#developers
- https://wpvulndb.com/vulnerabilities/10041