Ultimate Member Plugin up to 2.5.0 on WordPress Template class-shortcodes.php load_template tpl directory traversal

A vulnerability classified as critical was found in Ultimate Member Plugin up to 2.5.0. It affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. Manipulation of the argument tpl with an unknown input leads to a directory traversal vulnerability. The advisory is available for download at github.com. This vulnerability is known as CVE-2022-3966. The attack can be carried out over the network. Technical details are known. It is declared as not defined. Upgrading to version 2.5.1 addresses the problem. The upgrade is offered for download at github.com. The patch can be downloaded from github.com. As the best remedy, upgrading to the latest version is recommended. A possible mitigation was issued before and not after the disclosure.

| Field | 13/11/2022 08:46 | 17/12/2022 14:19 | 17/12/2022 14:21 |
| --- | --- | --- | --- |
| name | Ultimate Member Plugin | Ultimate Member Plugin | Ultimate Member Plugin |
| version | <=2.5.0 | <=2.5.0 | <=2.5.0 |
| platform | WordPress | WordPress | WordPress |
| component | Template Handler | Template Handler | Template Handler |
| file | includes/core/class-shortcodes.php | includes/core/class-shortcodes.php | includes/core/class-shortcodes.php |
| function | load_template | load_template | load_template |
| argument | tpl | tpl | tpl |
| cwe | 21 (directory traversal) | 21 (directory traversal) | 21 (directory traversal) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 |
| url | https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 2.5.1 | 2.5.1 | 2.5.1 |
| upgrade_url | https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1 | https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1 | https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1 |
| patch_name | e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 |
| patch_url | https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 | https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 |
| cve | CVE-2022-3966 | CVE-2022-3966 | CVE-2022-3966 |
| responsible | VulDB | VulDB | VulDB |
| date | 1668294000 (13/11/2022) | 1668294000 (13/11/2022) | 1668294000 (13/11/2022) |
| type | WordPress Plugin | WordPress Plugin | WordPress Plugin |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1 |
| cvss3_meta_basescore | 4.3 | 4.3 | 5.4 |
| cvss3_meta_tempscore | 4.1 | 4.1 | 5.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1668294000 (13/11/2022) | 1668294000 (13/11/2022) |
| cve_nvd_summary | | A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. | A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | N |
| cvss3_cna_a | | | N |
| cve_cna | | | VulDB |
| cvss3_nvd_basescore | | | 7.5 |
| cvss3_cna_basescore | | | 4.3 |
