PT-2018-9773 · Unknown · User Profile & Membership

Riccardo Ten Cate

Publicado

2018-04-23

Atualizado

2019-10-06

CVE-2018-10233

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: User Profile & Membership plugin versions prior to 2.0.7

Description: The issue concerns the lack of mitigations against cross-site request forgery attacks in the plugin. This is a structural finding throughout the entire plugin, indicating a fundamental weakness in its design.

Recommendations: For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-10233

Produtos afetados

User Profile & Membership

PT-2018-9773 · Unknown · User Profile & Membership

CVE-2018-10233

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5