[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmptvgsCqwvXMOTnksmZzTGOrgyoofyhyK0FhNGc2AZU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2018-0590","ultimate-member-insecure-direct-object-reference","Ultimate Member \u003C 2.0.4 - Insecure Direct Object Reference","The Ultimate Member plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions prior to version 2.0.4. This is due to bypass access restriction via unspecified vectors. This makes it possible for authenticated attackers to modify the other users profiles via unspecified vectors.","ultimate-member",null,"\u003C2.0.4","2.0.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2018-05-10 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F13033a3c-f020-4821-a7ad-bfcfca407df0?source=api-prod",2084]