WCFM Membership – WooCommerce Memberships for Multivendor Marketplace, CVE-2023-2276
Security reports for WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
- Published on
- May 20, 2023
- Research Description
- The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
- Affected versions
- max 2.11.0.
- Status
- vulnerable