Description

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.

Remediation

References

CVE-2020-36170

Related Vulnerabilities

Joomla! Core 3.9.x Cross-Site Request Forgery (3.9.0 - 3.9.19)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0491)

Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064)

MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1626)

Opencart Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3990)

Severity

Medium

Classification

CVE-2020-36170 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities