Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-41954 — Improper Privilege Management in Profilepress

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

8.6HIGHNVD

EPSS

16.7%

top 5.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Properfraction Profilepress Profilepress Membership Team Profilepress

Timeline

PublishedMay 17

Description

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:LExploitability: 3.9 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5profilepress_membership_team/profilepressn/a — 4.13.1

▶NVDproperfraction/profilepress< 4.13.2

🔴Vulnerability Details

GHSA

GHSA-f3p6-32mj-fj25: Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation↗2024-05-17

▶

VulnCheck

ProfilePress Membership Team ProfilePress Plugin Vulnerability↗2023

▶

💥Exploits & PoCs

Nuclei

ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation

▶

📋Vendor Advisories

Oracle

Oracle Oracle Construction and Engineering Risk Matrix: Platform (MPXJ) — CVE-2022-41954↗2023-10-15

▶