Page 3 of 19 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-2273 – Simple Membership < 4.1.3 - Membership Privilege Escalation

https://notcve.org/view.php?id=CVE-2022-2273

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. El plugin Simple Membership de WordPress versiones anteriores a 4.1.3, no comprueba correctamente el parámetro membership_level cuando se edita un perfil, lo que permite a los miembros escalar a un nivel de membresía superior usando una petición POST diseñada The Simple Membership plugin for WordPress is vulnerable to membership related privilege escalation in versions up to, and including, 4.1.2. This is due to insufficient validation on the membership membership_level supplied which makes it possible for authenticated users to supplied arbitrary membership levels and be granted to permissions. • https://wpscan.com/vulnerability/724729d9-1c4a-485c-9c90-a27664c47c84 • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-2317 – Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

https://notcve.org/view.php?id=CVE-2022-2317

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. El plugin Simple Membership de WordPress versiones anteriores a 4.1.3, permite al usuario cambiar su membresía en la etapa de registro debido a una comprobación insuficiente de un parámetro suministrado por el usuario The Simple Membership plugin for WordPress is vulnerable to membership related privilege escalation in versions up to, and including, 4.1.2. This is due to insufficient validation on the membership level_identifier supplied which makes it possible for unauthenticated users to supplied arbitrary membership levels and be granted to permissions. • https://wpscan.com/vulnerability/77b7ca19-294c-4480-8f57-6fddfc67fffb • CWE-269: Improper Privilege Management •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-1724 – Simple Membership < 4.1.1 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2022-1724

The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting El plugin Simple Membership de WordPress versiones anteriores a 4.1.1, no sanea ni escapa apropiadamente los parámetros antes de devolverlos en las acciones AJAX, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-0681 – Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF

https://notcve.org/view.php?id=CVE-2022-0681

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack El plugin Simple Membership de WordPress versiones anteriores a 4.1.0, no presenta una comprobación de tipo CSRF cuando son eliminadas transacciones, lo que podría permitir a atacantes hacer que un administrador conectado elimine transacciones arbitrarias por medio de un ataque de tipo CSRF The Simple Membership WordPress plugin before 4.1.0 does not have Cross-Site Request Forgery (CSRF) protections in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack • https://wpscan.com/vulnerability/c5765816-4439-4c14-a847-044248ada0ef • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-0328 – Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF

https://notcve.org/view.php?id=CVE-2022-0328

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack El plugin Simple Membership de WordPress versiones anteriores a 4.0.9, no presenta comprobación de tipo CSRF cuando son eliminados miembros en masa, lo que podría permitir a atacantes hacer que un administrador conectado los elimine por medio de un ataque de tipo CSRF • https://plugins.trac.wordpress.org/changeset/2662855 https://wpscan.com/vulnerability/44532b7c-4d0d-4959-ada4-733f377d6ec9 • CWE-352: Cross-Site Request Forgery (CSRF) •