CVE-2018-10233
[Suggested Description]
The User Profile & Membership plugin before 2.0.7 for WordPress
implements no mitigations against cross-site request forgery (CSRF)
attacks. This is a structural finding that applies throughout the
entire plugin rather than to a single form or endpoint.
[Vulnerability Type]
Cross Site Request Forgery (CSRF)
[Vendor of Product]
https://ultimatemember.com/
[Affected Product Code Base]
User Profile & Membership plugin for WordPress - All versions < 2.0.7
[Affected Component]
User Profile & Membership plugin for WordPress
[Attack Type]
Remote
[Impact Escalation of Privileges]
true
[Attack Vectors]
Whenever an authenticated user is lured to a malicious website, that
website can perform state-changing operations on the authenticated
user's behalf, because the browser attaches the victim's session cookies
to the forged request. This includes assigning high-level privileges to
low-level accounts, such as regular subscribers, in order to escalate
privileges.
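The following is an added illustration of the pattern described above, not code from the plugin or from the write-up: a hypothetical WordPress AJAX handler that changes a user's role, first without any CSRF protection and then hardened with a WordPress nonce check and a capability check. The action name `um_demo_set_role`, the nonce action string and the form are all assumptions made for the example; only the WordPress API calls (`check_ajax_referer`, `current_user_can`, `wp_nonce_field`, `get_role`, `WP_User::set_role`) are real.

```php
<?php
// Added example, not the plugin's code. All handler and nonce names are
// hypothetical; the WordPress functions used are the real core API.

// --- Vulnerable pattern: any POST that reaches admin-ajax.php with the
// victim's cookies is honoured. A hidden, auto-submitting form on an
// attacker's page is enough to reach it, since the browser sends the
// WordPress session cookies with the cross-site request.
function um_demo_set_role_vulnerable() {
    $user_id = absint( $_POST['user_id'] ?? 0 );
    $role    = sanitize_key( $_POST['role'] ?? '' );

    $user = get_user_by( 'id', $user_id );
    if ( $user ) {
        $user->set_role( $role ); // e.g. 'subscriber' -> 'administrator'
    }
    wp_send_json_success();
}

// --- Hardened pattern.
function um_demo_set_role_hardened() {
    // 1. CSRF: the request must carry a nonce bound to this action and to the
    //    logged-in user. A cross-origin page cannot read it (same-origin
    //    policy), so a forged form cannot supply it. check_ajax_referer()
    //    terminates the request with HTTP 403 when the nonce is missing or bad.
    check_ajax_referer( 'um_demo_set_role', '_wpnonce' );

    // 2. Authorization: a valid nonce only proves the request came from the
    //    site's own page. Whether this user may change roles at all is a
    //    separate check; CSRF protection never replaces it.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $user_id = absint( $_POST['user_id'] ?? 0 );
    $role    = sanitize_key( $_POST['role'] ?? '' );

    // 3. Only accept roles that actually exist on this site.
    if ( ! get_role( $role ) ) {
        wp_send_json_error( 'invalid role', 400 );
    }

    $user = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    $user->set_role( $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_um_demo_set_role', 'um_demo_set_role_hardened' );

// The site's own form embeds the matching nonce field; this is the only
// legitimate way for a request to obtain it.
function um_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="um_demo_set_role">
        <?php wp_nonce_field( 'um_demo_set_role', '_wpnonce' ); ?>
        <label>User ID <input type="number" name="user_id"></label>
        <label>Role <input type="text" name="role"></label>
        <button type="submit">Change role</button>
    </form>
    <?php
}
```

Against the vulnerable handler, a page the victim merely visits can submit `action=um_demo_set_role&user_id=<attacker id>&role=administrator` and the role change goes through. Against the hardened handler the same request stops at the nonce check, and even a request that somehow carried a valid nonce would still need `promote_users`. Browser SameSite cookie defaults reduce exposure but are not a substitute for the nonce check, which is the mitigation the advisory reports as absent.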
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Discoverer]
Riccardo ten Cate
[Reference]
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233