Description
Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation. This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.8.0.
Published: 2025-10-22
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WordPress sites running the SUMO Memberships for WooCommerce plugin are exposed to privilege escalation: because of incorrect privilege assignment, a user may be able to raise their privileges beyond the intended level. The flaw allows an attacker who can use the plugin’s administrative interface or craft malicious requests to gain elevated roles, potentially accessing sensitive site data or modifying content. The underlying weakness class is CWE‑266 (Incorrect Privilege Assignment).

Affected Systems

The affected product is the 'SUMO Memberships for WooCommerce' plugin developed by FantasticPlugins. Versions from the first release up through 7.8.0 are affected. Any WordPress installation using a version of the plugin prior to 7.8.1 is at risk.

Risk and Exploitability

The CVSS score of 8.8 places this vulnerability in the high-severity range. The EPSS score is less than 1%, indicating a low estimated likelihood of exploitation, but the vulnerability is still present. It is not listed in the CISA KEV catalog, suggesting no widespread active exploitation has been reported yet. The likely attack vector is the plugin’s administrative interface or crafted requests from a compromised low‑privilege account. Once exploited, an attacker can gain administrative rights or other elevated roles, enabling full control over the site.

Generated by OpenCVE AI on April 29, 2026 at 14:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SUMO Memberships for WooCommerce plugin to version 7.8.1 or later, which contains the fix for the privilege assignment issue.
  • Ensure WordPress core and all other plugins are updated to their latest stable releases to reduce the overall attack surface.
  • Review and audit the WordPress user roles and capabilities, removing any unnecessary high‑privilege accounts and limiting membership‑plugin permissions to the minimum required.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation. This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.
Values Added: Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation. This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.8.0.

Type: Title
Values Removed: WordPress SUMO Memberships for WooCommerce plugin <= 7.6.0 - Privilege Escalation vulnerability
Values Added: WordPress SUMO Memberships for WooCommerce plugin <= 7.8.0 - Privilege Escalation vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 23 Oct 2025 15:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 23 Oct 2025 10:30:00 +0000

Type: First Time appeared
Values Added: Fantasticplugins; Fantasticplugins sumo Memberships For Woocommerce; Woocommerce; Woocommerce woocommerce; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Fantasticplugins; Fantasticplugins sumo Memberships For Woocommerce; Woocommerce; Woocommerce woocommerce; Wordpress; Wordpress wordpress

Thu, 23 Oct 2025 09:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Oct 2025 21:30:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


Wed, 22 Oct 2025 14:45:00 +0000

Type: Description
Values Added: Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation. This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.

Type: Title
Values Added: WordPress SUMO Memberships for WooCommerce plugin <= 7.6.0 - Privilege Escalation vulnerability

Type: Weaknesses
Values Added: CWE-266
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T18:42:32.911Z

Reserved: 2025-09-25T15:34:33.695Z

Link: CVE-2025-60222

Vulnrichment

Updated: 2025-10-22T20:37:38.063Z

NVD

Status: Deferred

Published: 2025-10-22T15:15:59.377

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-60222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T14:15:14Z
