CVE-2022-3966: Release Ultimate Member 2.5.1 · ultimatemember/ultimatemember
A vulnerability classified as critical has been found in the Ultimate Member plugin up to version 2.5.0. It affects the function load_template in the file includes/core/class-shortcodes.php of the Template Handler component: manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 addresses this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability.
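The class of bug described above is a template name taken from a shortcode argument and joined onto a directory path without restricting it to that directory. The following is an added example of the defensive pattern, not Ultimate Member's own code or the fix in the referenced patch: the function name um_example_safe_template_path, its $template_dir and $tpl parameters, and the temporary directory used for the demo are all assumptions made for illustration.

```php
<?php
// Added example (not the plugin's code): resolve an untrusted template name to a
// path that is guaranteed to stay inside the template directory.
// Assumptions: templates live directly under $template_dir and are plain files;
// $tpl is untrusted input such as a shortcode attribute.

function um_example_safe_template_path(string $template_dir, string $tpl): ?string
{
    // First line of defence: an allow-list on the name itself. Letters, digits,
    // dash and underscore, with an optional ".php" suffix. No slashes, no "..".
    if (!preg_match('/^[A-Za-z0-9_-]+(\.php)?$/', $tpl)) {
        return null;
    }

    $base = realpath($template_dir);
    if ($base === false) {
        return null; // template directory itself is missing
    }

    // Second line of defence: canonicalise the joined path (realpath() resolves
    // ".." and symlinks) and require that it still starts with the base directory.
    // This holds even if the allow-list above were later loosened.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $tpl);
    if ($candidate === false || strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    return $candidate;
}

// Demo against a constructed temporary template directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'um_example_templates_' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'profile.php', "<?php echo 'profile template';");

var_dump(um_example_safe_template_path($dir, 'profile.php'));        // string(...) ".../profile.php"
var_dump(um_example_safe_template_path($dir, '../../outside.php'));  // NULL, rejected by the allow-list
var_dump(um_example_safe_template_path($dir, 'profile.php/../x'));   // NULL, contains a slash
var_dump(um_example_safe_template_path($dir, 'missing.php'));        // NULL, realpath() fails

unlink($dir . DIRECTORY_SEPARATOR . 'profile.php');
rmdir($dir);
```

Both checks matter: the allow-list rejects traversal sequences before the filesystem is consulted, and the realpath() prefix check catches anything the allow-list misses (for example a symlink inside the template directory pointing elsewhere). Returning null rather than falling back to a default template makes the rejection visible to the caller and easy to log.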
Enhancements:
- Added: Custom fields callbacks blacklist. Use the um_dropdown_options_source_blacklist filter to add your own functions to the custom callbacks blacklist. By default, the blacklist contains all PHP internal functions.
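As an added example of using that filter (not code from the plugin), the snippet below registers two site-specific function names on the um_dropdown_options_source_blacklist filter named in the release notes, and then shows a hypothetical guard, mysite_example_call_dropdown_source, that consults the filtered list before invoking a callback. It assumes it is loaded inside WordPress (a plugin or mu-plugin file), where add_filter, apply_filters and the filter itself exist; the names mysite_* are invented for illustration, and the assumption that the filter passes a flat array of function names is taken from the release note wording.

```php
<?php
// Added example (not Ultimate Member's code). Assumes WordPress is loaded.

// Extend the default blacklist (all PHP internal functions, per the release notes)
// with site-specific helpers that must never be reachable as a dropdown source.
add_filter('um_dropdown_options_source_blacklist', function (array $blacklist): array {
    $blacklist[] = 'mysite_delete_user_data';   // hypothetical helper
    $blacklist[] = 'mysite_export_everything';  // hypothetical helper
    return array_values(array_unique($blacklist));
});

// Hypothetical guard illustrating how such a list is meant to be applied:
// a callback name is only invoked if it exists, is user-defined, and is not blacklisted.
function mysite_example_call_dropdown_source(string $callback): ?array
{
    // Start from the same default the page describes: every PHP internal function.
    $default   = get_defined_functions()['internal'];
    $blacklist = apply_filters('um_dropdown_options_source_blacklist', $default);

    // PHP function names are case-insensitive, so compare in lowercase.
    $denied = array_map('strtolower', $blacklist);
    if (!function_exists($callback) || in_array(strtolower($callback), $denied, true)) {
        return null;
    }

    $result = call_user_func($callback);
    return is_array($result) ? $result : null;
}

// Usage inside WordPress, e.g. from a theme's functions.php:
//   $options = mysite_example_call_dropdown_source('mysite_country_list');
//   null means the name was rejected (unknown, internal, or blacklisted).
```

The lowercase comparison is the detail most often missed: a deny list that compares case-sensitively can be bypassed by a differently-cased spelling of the same function, because PHP resolves function names case-insensitively.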
Bugfixes:
- Fixed: Posts’ restriction that is based on term restriction settings
- Fixed: Issue with the class name in checkbox and radio fields. The class name was ‘activeright’ instead of ‘active right’
- Fixed: Admin upgrade scripts and upgrades pack validation
- Fixed: Directory traversal vulnerabilities
- Fixed: Destroying user sessions after changing “Approved” status to something else (e.g. deactivated)
- Fixed: Conflict when wp_get_current_user() does not exist. Transferred restriction settings callbacks to the plugins_loaded hook
- Fixed: Restriction post displaying when 404 is enabled and old restriction logic isn’t active
- Fixed: PHP warning when nav menu is empty
- Fixed: Disable auto-login after the user is registered by the Administrator and UM Registration form
- Fixed: Some typos
- Fixed: Use of apostrophes in email addresses for both registration and login
- Fixed: Sanitizing YouTube links. Both https://youtu.be/xxxxxxx and https://youtube.com/xxxxxxx link formats are accepted
Deprecated:
- Removed: Outdated setting used in code (force_display_name_capitlized). Moved the functionality to the extended repo