4.3
CVE-2018-0590
- EPSS 1.1%
- Veröffentlicht 14.05.2018 13:29:03
- Zuletzt bearbeitet 21.11.2024 03:38:32
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginUltimate Member < 2.0.4 - Insecure Direct Object Reference
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.
Mögliche Gegenmaßnahme
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ultimatemember ≫ User Profile & Membership SwPlatformwordpress Version < 2.0.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Version
[*, 2.0.4)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.1% | 0.614 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
https://wordpress.org/plugins/ultimate-member/#developers
http://jvn.jp/en/jp/JVN28804532/index.html
https://wpvulndb.com/vulnerabilities/9608
https://www.wordfence.com/threat-intel/vulnerabilities/id/13033a3c-f020-4821-a7ad-bfcfca407df0