4 matches found

OSV
added 2023/04/05 7:15 p.m., 3 views

CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...

CVSS 6.5 | AI score 6.9 | EPSS 0.01084
Exploits: 0 | References: 4
Prion
added 2023/04/05 7:15 p.m., 16 views

Design/Logic Flaw

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...

CVSS 6.4 | AI score 6.3 | EPSS 0.01084
Exploits: 0 | References: 4 | Affected Software: 1
WPVulnDB
added 2023/04/05 12:0 a.m., 12 views

WCFM Membership < 2.10.0 - Multiple CSRF

The plugin does not have CSRF checks in various AJAX actions, allowing attackers to make logged-in admins call them and modify membership details/renewal information etc. via CSRF attacks...

CVSS 8.8 | AI score 8.6 | EPSS 0.00321
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2023/04/05 12:0 a.m., 5 views

PT-2023-15926

Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including, 2.10.0
Description: The issue allows unauthorized modification and access of data due to missing capability checks on various AJAX actions. This enables unauthenticated attacke...

CVSS 7.3 | AI score 7 | EPSS 0.01084
Exploits: 0 | References: 9