CVE-2015-4038 in WP Membership Plugin
Summary
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
Reservation
05/19/2015
Disclosure
06/03/2015
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 75691 | WP Membership Plugin admin-ajax.php access control | 264 | Proof-of-Concept | Not defined | CVE-2015-4038 |