CVE-2018-0587

EUVD-2018-1397
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
ultimatememberuser_profile_\&_membership
𝑥
< 2.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN28804532/index.html
https://wordpress.org/plugins/ultimate-member/#developers
https://wpvulndb.com/vulnerabilities/9608
http://jvn.jp/en/jp/JVN28804532/index.html
https://wordpress.org/plugins/ultimate-member/#developers
https://wpvulndb.com/vulnerabilities/9608