WordPress Plugin Vulnerabilities

WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation

Description

The WP MLM SOFTWARE PLUGIN plugin for WordPress is vulnerable to privilege in all versions up to, and including, 4.0. This makes it possible for unauthenticated attackers to take over arbitrary accounts on the site.

Affects Plugins

Plugin icon
wp-mlm
No known fix

References

CVE
CVE-2023-51476
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/abcc1ed6-1871-4e8c-9469-c44dbfca5a17

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
5fbbc8ea-41d8-4d7e-a1c7-826207672e7e

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2026-01-22
Title
Hospital Doctor Directory <= 1.3.9 - Missing Authorization
Published
2025-11-07
Title
Course Booking System < 6.1.6 - Missing Authorization to Unauthenticated Booking Data Export
Published
2025-02-11
Title
iNET Webkit < 1.2.3 - Missing Authorization
Published
2021-12-28
Title
Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS
Published
2025-12-11
Title
Spoter for Elementor <= 1.04 - Missing Authorization