CVE-2023-41957 — Improper Privilege Management in Simple Membership

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.8CRITICALNVD

CNA8.6

EPSS

0.1%

top 66.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Simple-membership-plugin Simple Membership Smp7 Wp.insider Simple Membership

Timeline

PublishedMay 17

Description

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5smp7_wp.insider/simple_membershipn/a — 4.3.4

▶NVDsimple-membership-plugin/simple_membership< 4.3.5

🔴Vulnerability Details

CVEList

WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability↗2024-05-17

▶

GHSA

GHSA-684g-9624-2cvp: Improper Privilege Management vulnerability in smp7, wp↗2024-05-17

▶