CVE-2019-10271

Published: Jun 24, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.

Affected (1)

Products: Ultimatemember: Ultimate Member

Ultimatemember

1 product

Ultimate Member

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ultimatemember Ultimate Member	Before 2.0.40

References (2)

https://cxsecurity.com/issue/WLB-2019060120

Source: cve@mitre.org

Third Party Advisory

https://cxsecurity.com/issue/WLB-2019060120

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.