Vigil@nce - WordPress Ultimate Member: file reading via um-admin-dashboard.php
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read a file via "um-admin-dashboard.php" of
WordPress Ultimate Member, in order to obtain sensitive
information.
Impacted products: WordPress Plugins not comprehensive.
Severity: 2/4.
Creation date: 11/07/2016.
DESCRIPTION OF THE VULNERABILITY
The Ultimate Member plugin can be installed on WordPress.
However, an attacker can make the module insert the content of a
client chosen file into the HTML of an administration page, via
the request parameter "page" as handled by the file
"um-admin-dashboard.php".
An attacker can therefore read a file via "um-admin-dashboard.php"
of WordPress Ultimate Member, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN