CVE-2022-2317
Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.
El plugin Simple Membership de WordPress versiones anteriores a 4.1.3, permite al usuario cambiar su membresía en la etapa de registro debido a una comprobación insuficiente de un parámetro suministrado por el usuario
The Simple Membership plugin for WordPress is vulnerable to membership related privilege escalation in versions up to, and including, 4.1.2. This is due to insufficient validation on the membership level_identifier supplied which makes it possible for unauthenticated users to supplied arbitrary membership levels and be granted to permissions.
*Credits:
Jet Infosystems
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-05 CVE Reserved
- 2022-07-06 CVE Published
- 2024-02-22 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/77b7ca19-294c-4480-8f57-6fddfc67fffb | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Simple-membership-plugin Search vendor "Simple-membership-plugin" | Simple Membership Search vendor "Simple-membership-plugin" for product "Simple Membership" | < 4.1.3 Search vendor "Simple-membership-plugin" for product "Simple Membership" and version " < 4.1.3" | wordpress |
Affected
| ||||||