Simple Membership Plugin Flaws Expose WordPress Sites

Versions 4.3.4 and earlier of the well-known Simple Membership WordPress plugin feature two new security holes that could result in privilege escalation problems. The plugin created by smp7 and wp.insider is commonly used for personalized membership administration on WordPress websites and has over 50,000 active installations.

Unauthenticated Membership Role Privilege Escalation vulnerability (CVE-2023-41957) and Authenticated Account Takeover vulnerability (CVE-2023-41956) are two issues found by Patchstack security researchers. While with the latter, authenticated users were able to take control of any member account through an unsecure password reset process, the former permitted unauthenticated individuals to register accounts with accounts at any membership level.

Simple Membership Plugin Flaws Expose WordPress Sites

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Simple Membership Plugin Flaws Expose WordPress Sites

27-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address