WordPress Plugin Vulnerabilities

s2Member < 240325 - Limited Privilege Escalation

Description

The plugin is vulnerable to limited privilege escalation in versions up to, and including, 240315. This is due to insufficient controls during user registration. This makes it possible for unauthenticated attackers to register with higher than the default permissions.

Affects Plugins

Plugin icon
s2member
Fixed in 240325

References

CVE
CVE-2024-31237
URL
https://patchstack.com/database/vulnerability/s2member/wordpress-s2member-plugin-240315-privilege-escalation-vulnerability

Miscellaneous

Original Researcher
Ngô Thiên An (ancorn_)
Verified
No
WPVDB ID
3c0b4714-cc45-4399-9d4a-4940d0517dd4

Timeline

Publicly Published
2024-04-05 (about 2 years ago)
Added
2024-04-12 (about 2 years ago)
Last Updated
2024-04-12 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Thinkun Remind 1.1.3 - exportData.php dirPath Parameter Traversal Arbitrary File Access
Published
2019-12-02
Title
Mesmerize & Materialis Themes - Authenticated Options Update
Published
2014-08-01
Title
WordPress <= 2.0.2 - Remote Shell Injection
Published
2014-08-01
Title
Page Layout Builder 1.3.4 - Unspecified Issue
Published
2014-08-01
Title
CSS Plus 1.3.1 - Unspecified Vulnerabilities