vulnerability

WordPress Plugin: ultimate-member: CVE-2018-0587: Improper Authorization

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Aug 12, 2019

Added

May 15, 2025

Modified

May 5, 2026

Description

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

Solution

ultimate-member-plugin-cve-2018-0587

References

https://www.cve.org/CVERecord?id=CVE-2018-0587
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e75e877-14e6-4e51-b435-d78f8ab95d12?source=api-prod
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-1397
CVE-2018-0587
https://attackerkb.com/topics/CVE-2018-0587
CWE-434
EUVD-EUVD-2018-1397

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report