CVE-2015-4038

EUVD-2015-4066
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
wpmembershipwpmembership
1.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998
http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998