CVE-2022-2273

CVE-2022-2273: Simple Membership < 4.1.3 - Membership Privilege Escalation

Vendor Unknown
Product Simple Membership
Weakness CWE-269
Published August 1, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.

Key dates

02Disclosure timeline

August 1, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11923 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation CVE-2022-33962 BIG-IP iRule vulnerability CVE-2022-33962 CVE-2018-25041 uTorrent JSON RPC Server privileges management CVE-2024-28904 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2026-29124 Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation