CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
78.5%
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
Vendor | Product | Version | CPE |
---|---|---|---|
wpmembership | wpmembership | 1.2.3 | cpe:2.3:a:wpmembership:wpmembership:1.2.3:*:*:*:*:wordpress:*:* |