CVE-2023-4293 Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation

🗓️ 12 Aug 2023 07:42:51Reported by WordfenceType

The WordPress plugin Premium Packages - Sell Digital Products Securely is vulnerable to privilege escalation due to insufficient restriction on the 'wpdmpp_update_profile' function

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of the Premium Package plugin – selling digital products securely through a WordPress website’s content management system, allowing attackers to increase their privileges.	17 Oct 202300:00	–	bdu_fstec
Circl	CVE-2023-4293	12 Aug 202312:17	–	circl
CNNVD	WordPress plugin Premium Packages - Sell Digital Products Securely Security Vulnerability	12 Aug 202300:00	–	cnnvd
CVE	CVE-2023-4293	12 Aug 202307:42	–	cve
EUVD	EUVD-2023-54164	3 Oct 202520:07	–	euvd
NVD	CVE-2023-4293	12 Aug 202308:15	–	nvd
OSV	CVE-2023-4293	12 Aug 202308:15	–	osv
Patchstack	WordPress Premium Packages Plugin <= 5.7.4 is vulnerable to Privilege Escalation	14 Aug 202300:00	–	patchstack
Prion	Design/Logic Flaw	12 Aug 202308:15	–	prion
Positive Technologies	PT-2023-6137 · WordPress · The Premium Packages – Sell Digital Products Securely	11 Aug 202300:00	–	ptsecurity

[
  {
    "vendor": "codename065",
    "product": "Premium Packages – Sell Digital Products Securely",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "5.7.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2951917/wpdm-premium-packages
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/82137302-60ca-44d5-b087-dc96e2815fca
plugins	www.plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.7.4/wpdm-premium-packages.php

08 Apr 2026 17:03Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

EPSS0.00264

CWE-269