Lucene search

[email protected]NVD:CVE-2018-1000507

HistoryJun 26, 2018 - 4:29 p.m.

CVE-2018-1000507

2018-06-2616:29:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

30.0%

JSON

WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1.

Affected configurations

Nvd

Node

jjjwp_user_groupsMatch2.0.0wordpress

VendorProductVersionCPE
jjjwp_user_groups2.0.0cpe:2.3:a:jjj:wp_user_groups:2.0.0:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
jjj	wp_user_groups	2.0.0	cpe:2.3:a:jjj:wp_user_groups:2.0.0:::::wordpress::

References

advisories.dxw.com/advisories/csrf-wp-user-groups/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

30.0%

JSON

Related for NVD:CVE-2018-1000507

cvelist1 prion1 cve1