Vulnerability Details : CVE-2018-0587
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2018-0587
Probability of exploitation activity in the next 30 days: 0.12%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 %
CVSS scores for CVE-2018-0587
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
CWE ids for CVE-2018-0587
- The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0587
- https://wpvulndb.com/vulnerabilities/9608
  Ultimate Member < 2.0.4 - Multiple Issues
- http://jvn.jp/en/jp/JVN28804532/index.html
  JVN#28804532: Multiple vulnerabilities in WordPress plugin "Ultimate Member" (Third Party Advisory)
- https://wordpress.org/plugins/ultimate-member/#developers
  Ultimate Member – User Profile & Membership Plugin – WordPress plugin | WordPress.org (Release Notes)
Products affected by CVE-2018-0587
- cpe:2.3:a:ultimatemember:user_profile_\&_membership:*:*:*:*:*:wordpress:*:*