9.8
CVE-2020-36832
- EPSS 0.67%
- Published 16.10.2024 07:15:07
- Last modified 15.04.2026 00:35:42
- Source security@wordfence.com
Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions 7.3 through 8.6, inclusive. This makes it possible for unauthenticated attackers to log in as any user, including the site administrator with a default user ID of 1, via the username or user ID.
Possible mitigation
Indeed Membership Pro: Update to version 8.6.1, or a newer patched version
Data is provided through the CVE Program by Authorized Data Publishers (ADP) (unstructured)
- Vendor wpindeed
- Product ultimate_membership_pro
- Default Status unknown
- Version 7.3
- Version < 8.6.1
- Status affected
VulnDex Vulnerability Enrichment
Further vulnerability information
- System WordPress Plugin
- Product Indeed Membership Pro
- Version [7.3, 8.6.1)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.471 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253
https://wpscan.com/vulnerability/9811025e-ab17-4255-aaaf-4f0306f5d281
https://www.wordfence.com/threat-intel/vulnerabilities/id/a5341bbd-55bd-41ad-b5d1-d6b56c141277?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/a5341bbd-55bd-41ad-b5d1-d6b56c141277