WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.7 - Multiple Cross-Site Request Forgery Issues

Description

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by a Multiple Cross-Site Request Forgery Issues security vulnerability.

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.0.7

References

CVE
CVE-2018-10233
URL
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-10233

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.3 (high)

Miscellaneous

Verified
No
WPVDB ID
67c2de20-0ec5-47cc-9458-a31bb6a4e9c8

Timeline

Publicly Published
2018-04-23 (about 8 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-08-12 (about 5 years ago)

Other

Published
Title
Published
2023-02-28
Title
Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF
Published
2024-12-11
Title
Hack-Info < 3.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-12-11
Title
Avada < 7.11.11 - Cross-Site Request Forgery
Published
2024-04-10
Title
WordPress Hosting Benchmark tool < 1.3.7 - Cross-Site Request Forgery via execute_plugin()
Published
2020-07-18
Title
Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()