Medium severity4.3NVD Advisory· Published Jun 24, 2019· Updated Jun 17, 2026
CVE-2019-10271
CVE-2019-10271
Description
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Ultimate Member plugindescription
- Range: <=2.39
Patches
Vulnerability mechanics
References
1- cxsecurity.com/issue/WLB-2019060120nvdThird Party Advisory
News mentions
0No linked articles in our index yet.