cbcvebase.
CVE-2015-4038
published 2015-06-03

CVE-2015-4038: The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings…

PriorityP345medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
8.31%
94.2th percentile
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.

Affected

2 ranges
VendorProductVersion rangeFixed in
e-pluginswp_membership
wpmembershipwpmembership
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.