Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.0.45

  • Severity: critical
  • Status: Fixed
  • Publication: May 13, 2019

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin is a plugin for the WordPress website platform that allows users to create profiles and register for accounts. Unfortunately, versions up to 2.0.45 of this plugin are vulnerable to malicious attacks. When the file upload feature is enabled, attackers with limited access can delete any file on the WordPress website, including the important wp-config.php file. This could lead to complete control of the website being given to the attacker.

Detected in:

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin fixed vulnerable versions: >= * <= 2.0.45

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.