Description
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2020-28001 | Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T09:11:05.133Z
Reserved: 2020-01-13T00:00:00.000Z
Link: CVE-2020-6859
No data.
Status : Modified
Published: 2020-01-13T17:15:11.743
Modified: 2026-06-17T03:23:56.063
Link: CVE-2020-6859
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-639
Authorization Bypass Through User-Controlled Key
EUVD