Описание
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.3 (исключая)Версия до 5.1.3 (исключая)
Одно из
cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:free:wordpress:*:*
cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 89%
0.04809
Низкий
8.1 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.1
github
10 месяцев назад
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
EPSS
Процентиль: 89%
0.04809
Низкий
8.1 High
CVSS3
Дефекты
NVD-CWE-noinfo