Lucene search
PRIOn knowledge basePRION:CVE-2019-10673HistoryApr 03, 2019 - 5:29 a.m.
Cross site request forgery (csrf)
2019-04-0305:29:00
PRIOn knowledge base
www.prio-n.com
7
A CSRF vulnerability in a logged-in user’s profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress “password forget” form.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ultimate_member | lt | 2.0.40 |
Related
wpvulndb
wpvulndb
Ultimate Member < 2.0.40 - Cross-Site Request Forgery (CSRF)
2019-04-01 00:00:00
nvd
nvd
CVE-2019-10673
2019-04-03 05:29:00
cve
cve
CVE-2019-10673
2019-04-03 05:29:00
patchstack
patchstack
packetstorm
packetstorm
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery
2019-04-01 00:00:00
openvas
openvas
WordPress Ultimate Member Plugin < 2.0.40 CSRF Vulnerability
2019-07-22 00:00:00
cvelist
cvelist
CVE-2019-10673
2019-04-03 04:12:07
zdt
zdt
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery Vulnerability
2019-04-01 00:00:00