Lucene search
HistoryAug 01, 2022 - 1:15 p.m.
CVE-2022-2273
wordpress
membership
validation
flaw
escalation
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.9%
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
Affected configurations
Node
simple-membership-pluginsimple_membershipRange<4.1.3wordpress
Related
wpvulndb
wpvulndb
Simple Membership < 4.1.3 - Membership Privilege Escalation
2022-07-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-08-01 13:15:00
cvelist
cvelist
CVE-2022-2273 Simple Membership < 4.1.3 - Membership Privilege Escalation
2022-08-01 12:51:22
wpexploit
wpexploit
Simple Membership < 4.1.3 - Membership Privilege Escalation
2022-07-06 00:00:00
cve
cve
CVE-2022-2273
2022-08-01 13:15:10
patchstack
patchstack
nessus
nessus
Simple Membership Plugin For WordPress < 4.1.3 Multiple Vulnerabilities
2023-10-05 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.9%
Related for NVD:CVE-2022-2273