WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.52 - CSRF and Stored XSS issues

Description

A CSRF vulnerability in adding/editing user roles in Ultimate Member 2.0.49. It also lead to stored XSS. 

Edit (WPScanTeam):
July 9th, 2019 - v2.0.50 released and still affected. Escalated to WP Plugins Team
July 9th, 2019 - v2.0.51 released, fixing the CSRF but not the XSS
July 11th, 2019 - Escalated again to WP Plugins team, as another XSS was reported on June 24th, 2019  (https://github.com/ultimatemember/ultimatemember/issues/578) and was still unfixed.
July 11th - v2.0.52 released fixing both XSS

Proof of Concept

Video POC : https://drive.google.com/file/d/1wz846fP9rB97PlRSlC4xHYW_Q5QJXK4s/view?usp=sharing

csrf-um.html : https://drive.google.com/file/d/1p6Rzw3ts7RASP4X7H8v2CI3TIXPVwVn1/view?usp=sharing

Affects Plugins

ultimate-member
Fixed in version 2.0.52

References

CVE
CVE-2019-14946
CVE
CVE-2019-14947

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

m0ns7er

Submitter

Akash Labade

Submitter website
https://www.asfaleia.tech
Submitter twitter
akash_labade
Verified

Yes

WPVDB ID
fe9a9ae7-b547-4ac3-b309-93ab37d68112

Timeline

Publicly Published

2019-06-24 (about 3 years ago)

Added

2019-07-11 (about 3 years ago)

Last Updated

2020-08-12 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin