What the vulnerability does
01Description
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
Explanation of Vulnerability in Simple Terms
Simple Membership versions up to 4.7.1 lack proper authorization checks, allowing unauthenticated attackers to modify site data over the network. The vulnerability does not expose sensitive information or disrupt availability, but attackers can alter content or settings without logging in. Site administrators should update to a version newer than 4.7.1 immediately.
What an attacker can do
Modify site data or settings without authentication.
Potential impact on your site
Unauthorized changes to membership data, settings, or site content without admin approval.
Conditions required to exploit
Network access only; no login or user interaction required.
Key dates
External resources
Related vulnerabilities