Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2020-6859

CVE, Research URL: CVE-2020-6859
Home page URL: Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Application: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Published on: Jan 13, 2020
Research Description: Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
Affected versions: max 2.1.3.
Status: vulnerable

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &amp; Membership Plugin, CVE-2020-6859