PT-2019-11675 · WordPress · Ultimate Member

Clément Cruchet · Published 2019-06-24 · Updated 2024-03-05 · CVE-2019-10271

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin version 2.39

Description: An issue in the Ultimate Member plugin for WordPress allows unauthorized modification of user profile and cover pictures. Once logged in, an attacker can modify the profile and cover picture of any user, including those of privileged users. To exploit this, an attacker would need to intercept an upload-picture request and modify the user id parameter.

Recommendations: For Ultimate Member plugin version 2.39, consider disabling the profile and cover picture modification functionality until a patch is available. Restrict access to the upload-picture request to minimize the risk of exploitation. Avoid using the user id parameter in the affected request until the issue is resolved.
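
One way to restrict the upload-picture request as recommended above, shown as an added example that is not Ultimate Member code: a WordPress must-use plugin that rejects the request unless the user id it carries is the caller's own or the caller holds the `edit_user` capability for that user. It assumes the upload is handled through an admin-ajax action registered at the default priority; the action name `example_upload_picture` and the parameter name `user_id` are placeholders, because the advisory names neither.

```php
<?php
/**
 * Added example (not Ultimate Member code): stop-gap guard for an upload
 * request that carries a user id parameter.
 * UPLOAD_ACTION and USER_ID_PARAM are placeholders; the advisory does not
 * name the real AJAX action or parameter.
 */
const UPLOAD_ACTION = 'example_upload_picture'; // placeholder action name
const USER_ID_PARAM = 'user_id';                // assumed parameter name

/**
 * Decide whether the logged-in user may change pictures for the target user.
 * Kept free of WordPress calls so the rule can be tested on its own.
 */
function pm_guard_is_allowed(int $current_id, int $target_id, bool $can_edit_target): bool
{
    if ($current_id <= 0 || $target_id <= 0) {
        return false;            // anonymous caller, or missing/garbled id: fail closed
    }
    if ($current_id === $target_id) {
        return true;             // users may change their own pictures
    }
    return $can_edit_target;     // anyone else needs an explicit capability
}

function pm_guard_check_request(): void
{
    $target_id  = absint($_REQUEST[USER_ID_PARAM] ?? 0);
    $current_id = get_current_user_id();
    $can_edit   = $target_id > 0 && current_user_can('edit_user', $target_id);

    if (!pm_guard_is_allowed($current_id, $target_id, $can_edit)) {
        // Leave a trace for detection: who tried to write to whose profile.
        error_log(sprintf('profile media guard: user %d denied for target %d',
            $current_id, $target_id));
        wp_send_json_error(['message' => 'Forbidden'], 403); // ends the request
    }
}

// Priority 0 runs ahead of a handler registered at the default priority (assumed).
if (function_exists('add_action')) {
    add_action('wp_ajax_' . UPLOAD_ACTION, 'pm_guard_check_request', 0);
    add_action('wp_ajax_nopriv_' . UPLOAD_ACTION, 'pm_guard_check_request', 0);
}
```

The denial log line doubles as a detection signal: repeated entries where the caller and target ids differ indicate attempts to tamper with the user id parameter.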

Fix

Related Identifiers

CVE-2019-10271

Affected Products

Ultimate Member