Описание
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.2 (исключая)Версия до 5.1.2 (исключая)
Одно из
cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:free:wordpress:*:*
cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 99%
0.83885
Высокий
8.1 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.1
github
10 месяцев назад
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
EPSS
Процентиль: 99%
0.83885
Высокий
8.1 High
CVSS3
Дефекты
NVD-CWE-noinfo