Lucene search
MitreCVELIST:CVE-2019-10673HistoryApr 03, 2019 - 4:12 a.m.
CVE-2019-10673
2019-04-0304:12:07
mitre
www.cve.org
A CSRF vulnerability in a logged-in user’s profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress “password forget” form.
Related
cve
cve
CVE-2019-10673
2019-04-03 05:29:00
patchstack
patchstack
wpvulndb
wpvulndb
Ultimate Member < 2.0.40 - Cross-Site Request Forgery (CSRF)
2019-04-01 00:00:00
nvd
nvd
CVE-2019-10673
2019-04-03 05:29:00
zdt
zdt
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery Vulnerability
2019-04-01 00:00:00
packetstorm
packetstorm
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery
2019-04-01 00:00:00
openvas
openvas
WordPress Ultimate Member Plugin < 2.0.40 CSRF Vulnerability
2019-07-22 00:00:00
prion
prion
Cross site request forgery (csrf)
2019-04-03 05:29:00