Description
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to and including 2.5.0 via the get_option_value_from_callback function, which accepts user-supplied input and passes it to call_user_func(). This allows authenticated attackers with administrative capabilities to execute code on the server.
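The pattern described above, shown as an added example that is not the plugin's code and not part of the original advisory: a callback name taken from request data and passed to call_user_func(), beside a form that only resolves callbacks registered server-side. All function names, the `custom_callback` field key and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical names, not Ultimate Member's implementation.

// Vulnerable shape: the callable name comes straight from user-controlled data,
// so whatever function name the caller supplies is invoked.
function option_value_unsafe(array $field)
{
    return call_user_func($field['custom_callback']);
}

// Hardened shape: user input is only a lookup key into a server-side allowlist.
const ALLOWED_CALLBACKS = [
    'countries' => 'example_get_countries',
    'languages' => 'example_get_languages',
];

function example_get_countries(): array { return ['DE' => 'Germany', 'FR' => 'France']; }
function example_get_languages(): array { return ['en' => 'English', 'de' => 'German']; }

function option_value_safe(array $field): array
{
    $key = $field['custom_callback'] ?? '';
    // Reject anything that is not a plain string key present in the allowlist
    // (this also rejects array-style callables such as ['Class', 'method']).
    if (!is_string($key) || !array_key_exists($key, ALLOWED_CALLBACKS)) {
        error_log('Rejected option callback: ' . json_encode($key));
        return [];
    }
    $result = call_user_func(ALLOWED_CALLBACKS[$key]);
    // Option sources are expected to return arrays; discard anything else.
    return is_array($result) ? $result : [];
}

// Constructed sample inputs: one registered key, two values that must be refused.
$samples = [
    ['custom_callback' => 'countries'],
    ['custom_callback' => 'phpinfo'],
    ['custom_callback' => ['SomeClass', 'method']],
];
foreach ($samples as $field) {
    printf(
        "%s => %d option(s)\n",
        json_encode($field['custom_callback']),
        count(option_value_safe($field))
    );
}
```

Rejected values are written to the PHP error log, which gives a detection point for attempts to pass unregistered callback names.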
Remediation
References