3 matches found
WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Broken Access Control
Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4940 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID b80cebcdc2c4 Credits Chloe Chamberland Required...
CVE-2022-4940 WCFM Membership <= 2.10.0 - Missing Authorization
The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...
CVE-2022-4940
CVE-2022-4940 affects the WordPress plugin WCFM Membership (WordPress/WCFM Membership plugin) up to version 2.10.0. The root cause is missing capability checks on several AJAX actions (wcfm-memberships, wcfm-memberships-manage, wcfm-memberships-settings), leading to broken access control and allo...