Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-13T16:31:09
Updated: 2024-08-04T09:11:05.133Z
Reserved: 2020-01-13T00:00:00
Link: CVE-2020-6859
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-13T17:15:11.743
Modified: 2020-01-22T13:44:19.757
Link: CVE-2020-6859
Redhat
No data.