Medium severity5.5NVD Advisory· Published May 13, 2026· Updated May 13, 2026
CVE-2020-37169
CVE-2020-37169
Description
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =2.1.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.