WordPress Plugin Vulnerabilities

Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

Description

The plugin allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.

Note: This only affects membership from the plugin, not the WordPress role

Proof of Concept

Affects Plugins

Plugin icon
simple-membership
Fixed in 4.1.3

References

CVE
CVE-2022-2317

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Jet Infosystems
Submitter website
https://jet.su
Verified
Yes
WPVDB ID
77b7ca19-294c-4480-8f57-6fddfc67fffb

Timeline

Publicly Published
2022-07-06 (about 3 years ago)
Added
2022-07-06 (about 3 years ago)
Last Updated
2023-04-10 (about 2 years ago)

Other

Published
Title
Published
2025-07-08
Title
Sala <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
Published
2021-02-24
Title
Woocommerce Customers Manager < 26.5 - Arbitrary Account Creation/Update by Low Privilege Users
Published
2025-08-21
Title
SUMO Memberships for WooCommerce <= 7.8.0 - Subscriber+ Privilege Escalation
Published
2025-08-30
Title
Hotel Listing <= 1.4.0 - Subscriber+ Privilege Escalation
Published
2025-03-18
Title
BoomBox Theme Extensions < 1.8.1 - Subscriber+ Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password