CVE-2015-4038

Опубликовано: 03 июн. 2015

Источник: nvd

CVSS2: 6.5

EPSS Средний

Описание

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.

Ссылки

http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
Exploit
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998
http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
Exploit
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpmembership:wpmembership:1.2.3:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 94%

0.11974

Средний

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-68hw-3j5m-5hrv

github

больше 3 лет назад