4 matches found
WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Privilege Escalation
Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-4939 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d39bb3379dad Credits Chloe Chamberland Required...
CVE-2022-4939
creationtimestamp| type| source ---|---|--- 2023-04-05 22:41:11+00:00| seen| https://t.me/cibsecurity/61497...
CVE-2022-4939 WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation
THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...
CVE-2022-4939
CVE-2022-4939 affects the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. A missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings allows unauthenticated users to modify the membership registrat...