PT-2018-9405 · WordPress · Wp User Groups
Mallory Adams
·
Publicado
2018-06-26
·
Atualizado
2018-08-30
·
CVE-2018-1000507
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
WP User Groups versions 2.0.0 through 2.1.0
Description
The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page, which can be exploited to modify user groups and types. This can occur when an Admin clicks on a malicious link.
Recommendations
For WP User Groups versions 2.0.0 through 2.1.0, update to version 2.1.1 to resolve the issue.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wp User Groups