Vulnerabilities > CVE-2022-3383 - Unspecified vulnerability in Ultimatemember Ultimate Member

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
ultimatemember
NVD
Published: 2022-11-29
Updated: 2023-11-07

Summary

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.

Vulnerable Configurations

Part Description Count
Application
Ultimatemember
278

References