4.3

CVE-2019-10271

EPSS 0.22%
Veröffentlicht 24.06.2019 19:15:10
Zuletzt bearbeitet 21.11.2024 04:18:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Ultimate Member <= 2.0.39 - Unauthorized Profile Modification

An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.

Mögliche Gegenmaßnahme

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.40, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Version *-2.0.39

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ultimatemember ≫ Ultimate Member SwPlatformwordpress Version < 2.0.40

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.448

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://cxsecurity.com/issue/WLB-2019060120

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/00b4b903-4682-458b-9681-751179460b75

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10271

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10271

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10271

EUVD