What is CVE-2020-36155?

CVE-2020-36155 is a critical-severity vulnerability in N/a. CVSS score: 10.0/10. Published 2021-01-04.

How severe is CVE-2020-36155?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2020-36155 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user…

EPSS: 0.620 (98.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

wordpress.org/plugins/ultimate-member/ (x_refsource_MISC)
www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-af… (x_refsource_MISC)
wpscan.com/vulnerability/cf13b0f8-5815-4d27-a276-5eff8985fc0b (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-36155?: CVE-2020-36155 is a critical-severity vulnerability in N/a. CVSS score: 10.0/10. Published 2021-01-04.
How severe is CVE-2020-36155?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2020-36155 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.