WordPress Plugin Vulnerabilities

Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal

Description

The plugin does not validate and sanitize the template attribute of its shortcode before using it in an include statement, which could allow users with a role as low as contributor to perform local file inclusion attacks via a Traversal vector

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.5.1

References

CVE
CVE-2022-3361

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ruijie Li
Verified
No
WPVDB ID
1b0a48ad-05d1-4db2-a565-7261da0cbf8e

Timeline

Publicly Published
2022-10-28 (about 1 years ago)
Added
2022-10-30 (about 1 years ago)
Last Updated
2022-10-30 (about 1 years ago)

Other

Published
Title
Published
2022-09-05
Title
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
Published
2017-10-20
Title
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
Published
2022-05-16
Title
User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal
Published
2015-07-05
Title
S3Bubble <= 0.7 - Directory Traversal leading to Arbitrary File Access
Published
2023-11-20
Title
File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal