CVE-2015-4038
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
03/06/2015
Last modified:
12/04/2025
Description
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:wpmembership:wpmembership:1.2.3:*:*:*:*:wordpress:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
- http://www.securityfocus.com/archive/1/535587/100/0/threaded
- http://www.securityfocus.com/archive/1/535652/100/0/threaded
- http://www.securityfocus.com/bid/74766
- https://wpvulndb.com/vulnerabilities/7998
- http://packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.html
- http://www.securityfocus.com/archive/1/535587/100/0/threaded
- http://www.securityfocus.com/archive/1/535652/100/0/threaded
- http://www.securityfocus.com/bid/74766
- https://wpvulndb.com/vulnerabilities/7998