CVE-2015-4038
published 2015-06-03
CVE-2015-4038: The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings…
Priority: P3 · 45 · medium · 6.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 8.31% (94.2th percentile)
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e-plugins | wp_membership | — | — |
| wpmembership | wpmembership | — | — |
GHSA
GHSA-4qcm-8mvw-f49h: Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1
ghsa_unreviewed·2022-05-24·CVSS 6.5
CVE-2015-4039 [MEDIUM] GHSA-4qcm-8mvw-f49h: Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
GHSA
GHSA-68hw-3j5m-5hrv: The WP Membership plugin 1
ghsa_unreviewed·2022-05-14
CVE-2015-4038 [MEDIUM] GHSA-68hw-3j5m-5hrv: The WP Membership plugin 1
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998
Published: 2015-06-03