CVE-2020-36157

{"id": "CVE-2020-36157", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-01-04T18:15:13.777", "references": [{"url": "https://wordpress.org/plugins/ultimate-member/#developers", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpscan.com/vulnerability/33f059c5-58e5-44b9-bb27-793c3cedef3b", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/ultimate-member/#developers", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/33f059c5-58e5-44b9-bb27-793c3cedef3b", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el plugin Ultimate Member versiones anteriores a 2.1.12 para WordPress, tambi\u00e9n se conoce como Escalada de Privilegios No Autenticada por medio de User Roles. Debido a una falta de filtrado en el par\u00e1metro role que podr\u00eda ser suministrado durante el proceso de registro, un atacante podr\u00eda proporcionar el par\u00e1metro role con una capacidad de WordPress (o cualquier funci\u00f3n personalizada de Ultimate Member) y efectivamente ser otorgados esos privilegios."}], "lastModified": "2024-11-21T05:28:50.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "94A6C9AF-E52E-4C3C-9FA3-8493BC993875", "versionEndExcluding": "2.1.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}