2 matches found
CVE-2022-2317
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter...
CVE-2022-2317
CVE-2022-2317 affects the WordPress plugin Simple Membership (versions before 4.1.3). The root cause is insufficient validation of a user-supplied parameter during registration, allowing an unauthenticated user to elevate membership privileges by manipulating the level_identifier value (as demons...