Description

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to intercept the password modification request and modify user_id. It is possible to modify the passwords for any users or admin WordPress Ultimate Members. This could lead to account compromise and privilege escalation.

Remediation

References

CVE-2019-10270

Related Vulnerabilities

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-11322)

WordPress Plugin Slider Hero with Animation, Video Background Unspecified Vulnerability (5.5.0)

MediaWiki CVE-2023-45367 Vulnerability (CVE-2023-45367)

WordPress Plugin Q and A FAQ and Knowledge Base for WordPress Multiple SQL Injection Vulnerabilities (1.0.6.2)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2042)

Severity

High

Classification

CVE-2019-10270 CWE-640 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities