Vulnerabilities > CVE-2020-6859 - Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Ultimate Member

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ultimatemember

CWE-639

NVD

Published: 2020-01-13

Updated: 2020-01-22

Summary

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.

Vulnerable Configurations

Part	Description	Count
Application	Ultimatemember Ultimatemember Ultimate Member 1.0.0 Ultimatemember Ultimate Member 1.0.10 Ultimatemember Ultimate Member 1.0.15 Ultimatemember Ultimate Member 1.0.16 Ultimatemember Ultimate Member 1.0.17 Ultimatemember Ultimate Member 1.0.18 Ultimatemember Ultimate Member 1.0.19 Ultimatemember Ultimate Member 1.0.20 Ultimatemember Ultimate Member 1.0.21 Ultimatemember Ultimate Member 1.0.22 Ultimatemember Ultimate Member 1.0.23 Ultimatemember Ultimate Member 1.0.24 Ultimatemember Ultimate Member 1.0.25 Ultimatemember Ultimate Member 1.0.26 Ultimatemember Ultimate Member 1.0.27 Ultimatemember Ultimate Member 1.0.28 Ultimatemember Ultimate Member 1.0.29 Ultimatemember Ultimate Member 1.0.30 Ultimatemember Ultimate Member 1.0.31 Ultimatemember Ultimate Member 1.0.32 Ultimatemember Ultimate Member 1.0.33 Ultimatemember Ultimate Member 1.0.34 Ultimatemember Ultimate Member 1.0.35 Ultimatemember Ultimate Member 1.0.36 Ultimatemember Ultimate Member 1.0.37 Ultimatemember Ultimate Member 1.0.38 Ultimatemember Ultimate Member 1.0.39 Ultimatemember Ultimate Member 1.0.40 Ultimatemember Ultimate Member 1.0.41 Ultimatemember Ultimate Member 1.0.42 Ultimatemember Ultimate Member 1.0.43 Ultimatemember Ultimate Member 1.0.44 Ultimatemember Ultimate Member 1.0.45 Ultimatemember Ultimate Member 1.0.46 Ultimatemember Ultimate Member 1.0.47 Ultimatemember Ultimate Member 1.0.48 Ultimatemember Ultimate Member 1.0.49 Ultimatemember Ultimate Member 1.0.50 Ultimatemember Ultimate Member 1.0.51 Ultimatemember Ultimate Member 1.0.52 Ultimatemember Ultimate Member 1.0.53 Ultimatemember Ultimate Member 1.0.54 Ultimatemember Ultimate Member 1.0.55 Ultimatemember Ultimate Member 1.0.56 Ultimatemember Ultimate Member 1.0.57 Ultimatemember Ultimate Member 1.0.58 Ultimatemember Ultimate Member 1.0.59 Ultimatemember Ultimate Member 1.0.60 Ultimatemember Ultimate Member 1.0.61 Ultimatemember Ultimate Member 1.0.62 Ultimatemember Ultimate Member 1.0.63 Ultimatemember Ultimate Member 1.0.64 Ultimatemember Ultimate Member 1.0.65 Ultimatemember Ultimate Member 1.0.66 Ultimatemember Ultimate Member 1.0.67 Ultimatemember Ultimate Member 1.0.68 Ultimatemember Ultimate Member 1.0.69 Ultimatemember Ultimate Member 1.0.70 Ultimatemember Ultimate Member 1.0.71 Ultimatemember Ultimate Member 1.0.72 Ultimatemember Ultimate Member 1.0.73 Ultimatemember Ultimate Member 1.0.74 Ultimatemember Ultimate Member 1.0.75 Ultimatemember Ultimate Member 1.0.76 Ultimatemember Ultimate Member 1.0.77 Ultimatemember Ultimate Member 1.0.78 Ultimatemember Ultimate Member 1.0.79 Ultimatemember Ultimate Member 1.0.80 Ultimatemember Ultimate Member 1.0.81 Ultimatemember Ultimate Member 1.0.82 Ultimatemember Ultimate Member 1.0.83 Ultimatemember Ultimate Member 1.0.84 Ultimatemember Ultimate Member 1.0.85 Ultimatemember Ultimate Member 1.0.86 Ultimatemember Ultimate Member 1.0.87 Ultimatemember Ultimate Member 1.0.88 Ultimatemember Ultimate Member 1.0.89 Ultimatemember Ultimate Member 1.0.90 Ultimatemember Ultimate Member 1.0.91 Ultimatemember Ultimate Member 1.0.92 Ultimatemember Ultimate Member 1.0.93 Ultimatemember Ultimate Member 1.0.94 Ultimatemember Ultimate Member 1.0.95 Ultimatemember Ultimate Member 1.0.96 Ultimatemember Ultimate Member 1.1.0 Ultimatemember Ultimate Member 1.1.1 Ultimatemember Ultimate Member 1.1.2 Ultimatemember Ultimate Member 1.1.3 Ultimatemember Ultimate Member 1.1.4 Ultimatemember Ultimate Member 1.1.5 Ultimatemember Ultimate Member 1.1.6 Ultimatemember Ultimate Member 1.2.2 Ultimatemember Ultimate Member 1.2.3 Ultimatemember Ultimate Member 1.2.4 Ultimatemember Ultimate Member 1.2.5 Ultimatemember Ultimate Member 1.2.6 Ultimatemember Ultimate Member 1.2.7 Ultimatemember Ultimate Member 1.2.8 Ultimatemember Ultimate Member 1.2.9 Ultimatemember Ultimate Member 1.2.91 Ultimatemember Ultimate Member 1.2.92 Ultimatemember Ultimate Member 1.2.93 Ultimatemember Ultimate Member 1.2.94 Ultimatemember Ultimate Member 1.2.95 Ultimatemember Ultimate Member 1.2.96 Ultimatemember Ultimate Member 1.2.97 Ultimatemember Ultimate Member 1.2.98 Ultimatemember Ultimate Member 1.2.99 Ultimatemember Ultimate Member 1.2.993 Ultimatemember Ultimate Member 1.2.994 Ultimatemember Ultimate Member 1.2.995 Ultimatemember Ultimate Member 1.2.996 Ultimatemember Ultimate Member 1.2.997 Ultimatemember Ultimate Member 1.3.0 Ultimatemember Ultimate Member 1.3.1 Ultimatemember Ultimate Member 1.3.11 Ultimatemember Ultimate Member 1.3.12 Ultimatemember Ultimate Member 1.3.13 Ultimatemember Ultimate Member 1.3.14 Ultimatemember Ultimate Member 1.3.15 Ultimatemember Ultimate Member 1.3.16 Ultimatemember Ultimate Member 1.3.17 Ultimatemember Ultimate Member 1.3.18 Ultimatemember Ultimate Member 1.3.19 Ultimatemember Ultimate Member 1.3.20 Ultimatemember Ultimate Member 1.3.21 Ultimatemember Ultimate Member 1.3.22 Ultimatemember Ultimate Member 1.3.23 Ultimatemember Ultimate Member 1.3.24 Ultimatemember Ultimate Member 1.3.25 Ultimatemember Ultimate Member 1.3.26 Ultimatemember Ultimate Member 1.3.27 Ultimatemember Ultimate Member 1.3.28 Ultimatemember Ultimate Member 1.3.29 Ultimatemember Ultimate Member 1.3.30 Ultimatemember Ultimate Member 1.3.31 Ultimatemember Ultimate Member 1.3.32 Ultimatemember Ultimate Member 1.3.33 Ultimatemember Ultimate Member 1.3.34 Ultimatemember Ultimate Member 1.3.35 Ultimatemember Ultimate Member 1.3.36 Ultimatemember Ultimate Member 1.3.37 Ultimatemember Ultimate Member 1.3.38 Ultimatemember Ultimate Member 1.3.39 Ultimatemember Ultimate Member 1.3.40 Ultimatemember Ultimate Member 1.3.41 Ultimatemember Ultimate Member 1.3.42 Ultimatemember Ultimate Member 1.3.43 Ultimatemember Ultimate Member 1.3.44 Ultimatemember Ultimate Member 1.3.45 Ultimatemember Ultimate Member 1.3.46 Ultimatemember Ultimate Member 1.3.47 Ultimatemember Ultimate Member 1.3.48 Ultimatemember Ultimate Member 1.3.49 Ultimatemember Ultimate Member 1.3.50 Ultimatemember Ultimate Member 1.3.51 Ultimatemember Ultimate Member 1.3.52 Ultimatemember Ultimate Member 1.3.53 Ultimatemember Ultimate Member 1.3.54 Ultimatemember Ultimate Member 1.3.55 Ultimatemember Ultimate Member 1.3.56 Ultimatemember Ultimate Member 1.3.57 Ultimatemember Ultimate Member 1.3.58 Ultimatemember Ultimate Member 1.3.59 Ultimatemember Ultimate Member 1.3.60 Ultimatemember Ultimate Member 1.3.61 Ultimatemember Ultimate Member 1.3.62 Ultimatemember Ultimate Member 1.3.63 Ultimatemember Ultimate Member 1.3.64 Ultimatemember Ultimate Member 1.3.65 Ultimatemember Ultimate Member 1.3.66 Ultimatemember Ultimate Member 1.3.67 Ultimatemember Ultimate Member 1.3.68 Ultimatemember Ultimate Member 1.3.69 Ultimatemember Ultimate Member 1.3.70 Ultimatemember Ultimate Member 1.3.71 Ultimatemember Ultimate Member 1.3.72 Ultimatemember Ultimate Member 1.3.73 Ultimatemember Ultimate Member 1.3.74 Ultimatemember Ultimate Member 1.3.75 Ultimatemember Ultimate Member 1.3.76 Ultimatemember Ultimate Member 1.3.77 Ultimatemember Ultimate Member 1.3.78 Ultimatemember Ultimate Member 1.3.79 Ultimatemember Ultimate Member 1.3.80 Ultimatemember Ultimate Member 1.3.81 Ultimatemember Ultimate Member 1.3.82 Ultimatemember Ultimate Member 1.3.83 Ultimatemember Ultimate Member 1.3.84 Ultimatemember Ultimate Member 1.3.85 Ultimatemember Ultimate Member 1.3.86 Ultimatemember Ultimate Member 1.3.87 Ultimatemember Ultimate Member 1.3.88 Ultimatemember Ultimate Member 2.0 Ultimatemember Ultimate Member 2.0.4 Ultimatemember Ultimate Member 2.0.5 Ultimatemember Ultimate Member 2.0.6 Ultimatemember Ultimate Member 2.0.7 Ultimatemember Ultimate Member 2.0.8 Ultimatemember Ultimate Member 2.0.9 Ultimatemember Ultimate Member 2.0.10 Ultimatemember Ultimate Member 2.0.11 Ultimatemember Ultimate Member 2.0.12 Ultimatemember Ultimate Member 2.0.13 Ultimatemember Ultimate Member 2.0.14 Ultimatemember Ultimate Member 2.0.15 Ultimatemember Ultimate Member 2.0.16 Ultimatemember Ultimate Member 2.0.17 Ultimatemember Ultimate Member 2.0.18 Ultimatemember Ultimate Member 2.0.19 Ultimatemember Ultimate Member 2.0.20 Ultimatemember Ultimate Member 2.0.21 Ultimatemember Ultimate Member 2.0.22 Ultimatemember Ultimate Member 2.0.23 Ultimatemember Ultimate Member 2.0.24 Ultimatemember Ultimate Member 2.0.25 Ultimatemember Ultimate Member 2.0.26 Ultimatemember Ultimate Member 2.0.27 Ultimatemember Ultimate Member 2.0.28 Ultimatemember Ultimate Member 2.0.29 Ultimatemember Ultimate Member 2.0.30 Ultimatemember Ultimate Member 2.0.31 Ultimatemember Ultimate Member 2.0.32 Ultimatemember Ultimate Member 2.0.33 Ultimatemember Ultimate Member 2.0.34 Ultimatemember Ultimate Member 2.0.35 Ultimatemember Ultimate Member 2.0.36 Ultimatemember Ultimate Member 2.0.37 Ultimatemember Ultimate Member 2.0.38 Ultimatemember Ultimate Member 2.0.39 Ultimatemember Ultimate Member 2.0.40 Ultimatemember Ultimate Member 2.0.41 Ultimatemember Ultimate Member 2.0.42 Ultimatemember Ultimate Member 2.0.43 Ultimatemember Ultimate Member 2.0.44 Ultimatemember Ultimate Member 2.0.45 Ultimatemember Ultimate Member 2.0.46 Ultimatemember Ultimate Member 2.0.47 Ultimatemember Ultimate Member 2.0.48 Ultimatemember Ultimate Member 2.0.49 Ultimatemember Ultimate Member 2.0.50 Ultimatemember Ultimate Member 2.0.51 Ultimatemember Ultimate Member 2.0.52 Ultimatemember Ultimate Member 2.0.53 Ultimatemember Ultimate Member 2.0.54 Ultimatemember Ultimate Member 2.1.2	246

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References