Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-13T16:31:09
Updated: 2024-08-04T09:11:05.133Z
Reserved: 2020-01-13T00:00:00
Link: CVE-2020-6859
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-13T17:15:11.743
Modified: 2024-11-21T05:36:18.543
Link: CVE-2020-6859
Redhat
No data.