4.3

CVE-2018-0590

EPSS 0.17%
Veröffentlicht 14.05.2018 13:29:03
Zuletzt bearbeitet 21.11.2024 03:38:32
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Ultimate Member < 2.0.4 - Insecure Direct Object Reference

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.

Mögliche Gegenmaßnahme

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Version [*, 2.0.4)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ultimatemember ≫ User Profile & Membership SwPlatformwordpress Version < 2.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.348

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

https://wordpress.org/plugins/ultimate-member/#developers

Release Notes

http://jvn.jp/en/jp/JVN28804532/index.html

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9608

https://www.wordfence.com/threat-intel/vulnerabilities/id/13033a3c-f020-4821-a7ad-bfcfca407df0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0590

EUVD