Lucene search
K

4 matches found

Patchstack
Patchstack
added 2023/04/06 12:0 a.m.10 views

WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Privilege Escalation

Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-4939 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d39bb3379dad Credits Chloe Chamberland Required...

9.8CVSS6.5AI score0.02099EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2023/04/05 10:41 p.m.7 views

CVE-2022-4939

creationtimestamp| type| source ---|---|--- 2023-04-05 22:41:11+00:00| seen| https://t.me/cibsecurity/61497...

9.8CVSS8.7AI score0.02099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/05 6:0 p.m.11 views

CVE-2022-4939 WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS7.2AI score0.02099EPSS
Exploits0References2
CVE
CVE
added 2023/04/05 6:0 p.m.53 views

CVE-2022-4939

CVE-2022-4939 affects the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. A missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings allows unauthenticated users to modify the membership registrat...

9.8CVSS9.4AI score0.02099EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder