4.3
CVE-2019-10271
- EPSS 0.86%
- Veröffentlicht 24.06.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginUltimate Member <= 2.0.39 - Unauthorized Profile Modification
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.
Mögliche Gegenmaßnahme
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.40, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ultimatemember ≫ Ultimate Member SwPlatformwordpress Version < 2.0.40
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Version
*-2.0.39
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.537 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
https://cxsecurity.com/issue/WLB-2019060120
https://www.wordfence.com/threat-intel/vulnerabilities/id/00b4b903-4682-458b-9681-751179460b75