ID CVE-2020-6859
Summary Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
References
Vulnerable Configurations
CVSS
Base: 5.0
Impact:
Exploitability:
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 13-01-2020 - 18:27
Published 13-01-2020 - 17:15
Last modified 13-01-2020 - 18:27
Back to Top