CVE-2023-2276 in WooCommerce Memberships for Multivendor Marketplace Plugininformação

Sumário

de MITRE • 20/05/2023

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsável

Wordfence

Reservar

25/04/2023

Divulgação

20/05/2023

Moderação

aceite

Entrada

VDB-229599

CPE

pronto

EPSS

0.01093

KEV

não

Atividades

muito baixo

Fontes

Interested in the pricing of exploits?

See the underground prices here!