CVE-2020-37169
EUVD-2020-3121613.05.2026, 16:16
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code.
Awaiting analysis
This vulnerability is currently awaiting analysis.