CVE-2018-10233

[Suggested Description]

The User Profile & Membership plugin before 2.0.7 for WordPress has no
mitigations implemented against cross-site request forgery attacks.
This is a structural finding throughout the entire plugin.

[Vulnerability Type]

Cross Site Request Forgery (CSRF)

[Vendor of Product]

https://ultimatemember.com/

[Affected Product Code Base]

User Profile & Membership plugin for WordPress - All versions < 2.0.7

[Affected Component]

User Profile & Membership plugin for WordPress

[Attack Type]

Remote

[Impact Escalation of Privileges]

true

[Attack Vectors]

Whenever an authenticated user is lured to a malicious website, the
malicious website can perform state-changing operations on the
authenticated user's behalf. This includes assigning high-level
privileges to low-level accounts such as regular subscribers in order
to escalate privileges.
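The mitigation the advisory says is missing is WordPress's nonce mechanism: a state-changing request must carry a token that was issued to the logged-in user for that specific action, so a form posted from another origin cannot supply one. The following is an added example, not code from the plugin or from this write-up: a hypothetical role-update handler shown in the unprotected shape the advisory describes beside a hardened version that verifies the nonce before touching any state. All `um_demo_*` names and the `admin_post` action are assumptions made for this illustration; the WordPress functions called (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `get_user_by`, `wp_die`) are the real core API.

```php
<?php
// Added example, not the plugin's own code. Function, hook and form names
// prefixed um_demo_ are assumptions for this illustration.

// Form rendering: wp_nonce_field() embeds _wpnonce (and _wp_http_referer)
// hidden fields. The nonce is tied to the current user, the session and the
// action string, and expires after 12-24 hours.
function um_demo_render_role_form( $user_id ) {
    $user_id = intval( $user_id );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="um_demo_update_role">';
    echo '<input type="hidden" name="user_id" value="' . $user_id . '">';
    echo '<input type="text" name="role">';
    wp_nonce_field( 'um_demo_update_role_' . $user_id );
    submit_button( 'Update role' );
    echo '</form>';
}

// Unprotected pattern (the class of defect the advisory describes): the
// handler only checks the session cookie and the capability. A POST that a
// third-party page causes the victim's browser to send carries the same
// cookie, so it is indistinguishable from a legitimate submission.
// Deliberately NOT registered on any hook.
function um_demo_update_role_unprotected() {
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    $user = get_user_by( 'id', intval( $_POST['user_id'] ) );
    $user->set_role( sanitize_key( $_POST['role'] ) );
    wp_safe_redirect( wp_get_referer() );
    exit;
}

// Hardened handler: check_admin_referer() verifies the nonce first and
// terminates the request with a 403 if it is missing, expired, or was issued
// for a different user or action. Only then do capability and input checks
// run, and only then is state changed.
function um_demo_update_role_hardened() {
    $user_id = isset( $_POST['user_id'] ) ? intval( $_POST['user_id'] ) : 0;
    check_admin_referer( 'um_demo_update_role_' . $user_id );

    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }

    $user = get_user_by( 'id', $user_id );
    $role = isset( $_POST['role'] ) ? sanitize_key( $_POST['role'] ) : '';
    if ( ! $user || ! get_role( $role ) ) {
        wp_die( 'Invalid user or role', '', array( 'response' => 400 ) );
    }

    $user->set_role( $role );
    wp_safe_redirect( wp_get_referer() );
    exit;
}

// Register only the hardened handler. admin_post_{action} fires for
// logged-in users posting to admin-post.php with action=um_demo_update_role.
add_action( 'admin_post_um_demo_update_role', 'um_demo_update_role_hardened' );
```

The ordering matters: the nonce check runs before the capability check so that a forged request is rejected before any code path that could be influenced by the attacker-chosen parameters. For AJAX endpoints registered on `wp_ajax_{action}`, the equivalent call is `check_ajax_referer()`, and the same rule applies across every state-changing endpoint the plugin exposes, which is why the advisory calls the missing check a structural finding rather than a single bug.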

[Has vendor confirmed or acknowledged the vulnerability?]

true

[Discoverer]

Riccardo ten Cate

[Reference]

https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233