CVE-2015-4038

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
wpmembershipwpmembership
1.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998
http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
http://www.securityfocus.com/archive/1/535587/100/0/threaded
http://www.securityfocus.com/archive/1/535652/100/0/threaded
http://www.securityfocus.com/bid/74766
https://wpvulndb.com/vulnerabilities/7998