CVE-2018-1000507

Published: Jun 26, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1.

Affected (1)

Products: Jjj: Wp User Groups

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jjj Wp User Groups	Version 2.0.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://advisories.dxw.com/advisories/csrf-wp-user-groups/

Source: cve@mitre.org

ExploitThird Party Advisory

https://advisories.dxw.com/advisories/csrf-wp-user-groups/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.