Lucene search
Panagiotis VagenasPATCHSTACK:3884BFB3D34AAAEF952C6AFB65EE5E9CHistoryMay 21, 2015 - 12:00 a.m.
WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities
2015-05-2100:00:00
Panagiotis Vagenas
patchstack.com
4
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
There are multiple vulnerabilities in this WordPress Membership plugin.
- Privilege escalation. Because of this vulnerability, an attacker can take administrative role
to the infected website via “iv_membership_update_user_settings” AJAX action. - Stored XSS allows an attacker to login as regular user and update any field of the profile.
- Unauthorized post publish and stored XSS vulnerabilities allow an attacker to publish posts without any administrator permission.
Solution
Upgrade the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp membership | le | 1.2.3 |
References
Related
zdt
zdt
WordPress WP Membership Plugin 1.2.3 Privilege Escalation Vulnerability
2015-05-23 00:00:00
securityvulns
securityvulns
cve
cve
CVE-2015-4038
2015-06-03 20:59:00
CVE-2015-4039
2020-01-06 19:15:00
packetstorm
packetstorm
WordPress WP Membership 1.2.3 Privilege Escalation
2015-05-22 00:00:00
prion
prion
Code injection
2015-06-03 20:59:00
Cross site scripting
2020-01-06 19:15:00
wpvulndb
wpvulndb
WP Membership <= 1.2.3 - Multiple Vulnerabilities
2015-05-21 00:00:00
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related for PATCHSTACK:3884BFB3D34AAAEF952C6AFB65EE5E9C