The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpcom wpcom Member
|
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:wpcom:wpcom_member:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wpcom wpcom Member
|
Fri, 06 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpcom
Wpcom wpcom-member |
|
CPEs | cpe:2.3:a:wpcom:wpcom-member:*:*:*:*:*:*:*:* | |
Vendors & Products |
Wpcom
Wpcom wpcom-member |
|
Metrics |
ssvc
|
Fri, 06 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration. | |
Title | WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta | |
Weaknesses | CWE-269 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-06T13:55:20.451Z
Updated: 2024-09-06T14:10:08.217Z
Reserved: 2024-08-05T15:06:30.037Z
Link: CVE-2024-7493
Vulnrichment
Updated: 2024-09-06T14:10:03.264Z
NVD
Status : Analyzed
Published: 2024-09-06T14:15:12.860
Modified: 2024-09-26T17:41:16.390
Link: CVE-2024-7493
Redhat
No data.