Lucene search

WordfenceCVELIST:CVE-2022-4939

HistoryApr 05, 2023 - 6:00 p.m.

CVE-2022-4939

2023-04-0518:00:30

Wordfence

www.cve.org

wordpress

privilege escalation

capability check

ajax action

membership plugin

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

59.0%

JSON

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.

CNA Affected

[
  {
    "vendor": "wclovers",
    "product": "WCFM Membership – WooCommerce Memberships for Multivendor Marketplace",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.10.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2633191%40wc-multivendor-membership&new=2633191%40wc-multivendor-membership&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=cve

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

59.0%

JSON

Related for CVELIST:CVE-2022-4939