CVE-2018-1000507

{"id": "CVE-2018-1000507", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-06-26T16:29:00.743", "references": [{"url": "https://advisories.dxw.com/advisories/csrf-wp-user-groups/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://advisories.dxw.com/advisories/csrf-wp-user-groups/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1."}, {"lang": "es", "value": "WP User Groups 2.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la p\u00e1gina Settings que puede resultar en que cualquiera pueda modificar grupos y tipos de usuario. El ataque parece ser explotable mediante un administrador que abra un enlace. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.1.1."}], "lastModified": "2024-11-21T03:40:04.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jjj:wp_user_groups:2.0.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "270DECD8-4761-4B95-BED4-A106036C0AA5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}