CVE-2022-2317 Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

2022-08-0112:52:01

CWE-269

WPScan

www.cve.org

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.

CNA Affected

[
  {
    "product": "Simple Membership",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.1.3",
        "status": "affected",
        "version": "4.1.3",
        "versionType": "custom"
      }
    ]
  }
]