Vulnerability Name:

CVE-2018-0586

Assigned:2017-11-27
Published:2018-05-10
Updated:2018-05-14
Summary:Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS v3 Severity:5.0 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
References:Source: JVN
Type: UNKNOWN
JVN#28804532

Source: XF
Type: UNKNOWN
wp-ultimate-cve20180586-dir-traversal(143159)

Source: CONFIRM
Type: UNKNOWN
https://wordpress.org/plugins/ultimate-member/#developers

BACK