Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:E97EC5DE-D746-4B93-B17F-719A0F426DF6
HistoryNov 24, 2023 - 12:00 a.m.

Simple Membership < 4.3.5 - Privilege escalation via Registration

2023-11-2400:00:00
wpscan.com
1
wordpress
privilege escalation
input validation
unauthenticated attackers
user role

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Description The Simple Membership plugin for WordPress is vulnerable to privilege escalation due to missing input validation on the create_swpm_user function in versions up to, and including, 4.3.4. This makes it possible for unauthenticated attackers to register users with arbitrary membership levels. Since membership levels can be granted a higher user role than subscriber, this can lead to privilege escalation

CPENameOperatorVersion
eq4.3.5

Related

cvelist 1
cve 1
nvd 1
vulnrichment 1
nessus 1
wordfence 1
cvelist
cvelist
CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability
2024-05-17 06:56:37
cve
cve
CVE-2023-41957
2024-05-17 07:16:00
nvd
nvd
CVE-2023-41957
2024-05-17 07:16:00
vulnrichment
vulnrichment
CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability
2024-05-17 06:56:37
nessus
nessus
Simple Membership Plugin For WordPress < 4.3.5 Multiple Vulnerabilities
2023-10-05 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)
2023-10-05 15:10:17

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for WPVDB-ID:E97EC5DE-D746-4B93-B17F-719A0F426DF6
cvelist1cve1nvd1vulnrichment1nessus1wordfence1