Ultimate Member 2.39 Unauthorized profile modification

2019.06.18

Clément Cruchet (CA)

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2019-10271

CWE: CWE-269

CVSS Base Score: 4/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

#### [CVE-2019-10271] Ultimate Member 2.39 Unauthorized profile modification
#### Description ####
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. As a connected and authenticated user it is possible to modify the profile and cover picture of any user. It is also possible to modify the profiles and cover pictures of privileged users as admin user.
#### Timeline (dd/mm/yyyy) ####
++ 12/03/2019 : Initial discovery
++ 13/03/2019 : First contact attempt (email)
++ 13/03/2019 : Response from editor
++ 26/03/2019 : Technical details sent to the editor
++ 26/03/2019 : Reply: fix planned for release 2.40
++ 15/06/2019 : Release of the advisory
#### Fixes Upgrade to Ultimate Member 2.40 ####
#### Affected versions ####
++ Versions up to 2.39
#### Credits ####
++ Clément CRUCHET <lutzenfried@proton.com>
#### Reference ####
++ https://ultimatemember.com/

References:

https://ultimatemember.com/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ultimate Member 2.39 Unauthorized profile modification

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.