CSRF Vulnerability in WP User Groups 2.0.0 Allows Unauthorized Modification of User Groups and Types

CSRF Vulnerability in WP User Groups 2.0.0 Allows Unauthorized Modification of User Groups and Types

CVE-2018-1000507 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1.

Learn more about our User Device Pen Test.