CVE-2019-10673

Published: 03/04/2019 Updated: 16/03/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin prior to 2.0.40 for WordPress allows malicious users to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form.

Vulnerable Product

ultimatemember ultimate member

Exploits

WordPress Ultimate Member plugin version 2.0.38 suffers from a cross-site request forgery vulnerability ...