PT-2024-10842 · WordPress · Ultimate Membership Pro

Noman Riffat · Published 2024-10-15 · Updated 2024-10-21 · CVE-2020-36832

CVSS v3.1
9.8 (Critical)

Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ultimate Membership Pro plugin for WordPress, versions 7.3 through 8.6

Description
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass. This makes it possible for unauthenticated attackers to log in as any user, including the site administrator (default user ID 1), via the username or user ID.

Recommendations
For versions 7.3 through 8.6, update to a version that is not affected by this issue to prevent Authentication Bypass attacks. As a temporary workaround, consider restricting access to sensitive areas of the site to minimize the risk of exploitation.

Weakness Enumeration
Improper Authentication

Related Identifiers
CVE-2020-36832

Affected Products
Ultimate Membership Pro