Description

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.

Remediation

References

CVE-2020-36170

Related Vulnerabilities

Oracle Database Server CVE-2006-5341 Vulnerability (CVE-2006-5341)

MySQL CVE-2022-21625 Vulnerability (CVE-2022-21625)

WordPress Plugin Sliding Recent Posts Cross-Site Request Forgery (1.0)

Microsoft SQL Server CVE-2023-23384 Vulnerability (CVE-2023-23384)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)

Severity

Medium

Classification

CVE-2020-36170 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities