Critical severity10.0NVD Advisory· Published Jan 4, 2021· Updated Jun 17, 2026
CVE-2020-36157
CVE-2020-36157
Description
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Ultimate Member plugindescription
- Range: <2.1.12
Patches
Vulnerability mechanics
References
3- wpscan.com/vulnerability/33f059c5-58e5-44b9-bb27-793c3cedef3bnvdExploitThird Party Advisory
- www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/nvdExploitThird Party Advisory
- wordpress.org/plugins/ultimate-member/nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.