What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
Explanation of Vulnerability in Simple Terms
WP Membership versions 1.6.4 and earlier contain an improper privilege escalation vulnerability. An authenticated user with low privileges can read sensitive data, modify site content, and disrupt service. The vulnerability requires only network access and no user interaction. All installations running affected versions should update immediately.
What an attacker can do
Read sensitive data, modify content, and disrupt the site's availability.
Potential impact on your site
Any registered user can access admin functions, steal data, and damage your site.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources