cleantalk
Vulnerabilities and Security Researches

Premium Packages – Sell Digital Products Securely, CVE-2023-4293

CVE, Research URL

CVE-2023-4293

Home page URL

Security reports for Premium Packages – Sell Digital Products Securely

Application

Premium Packages – Sell Digital Products Securely

Published on
Aug 12, 2023
Research Description
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.
Affected versions
Min -, max 5.7.5.
Status
vulnerable
Previous vulnerability researches
Premium Packages – Sell Digital Products Securely (CVE-2024-10164) , Nov 23, 2024
Premium Packages – Sell Digital Products Securely (CVE-2024-11225) , May 06, 2025
Premium Packages – Sell Digital Products Securely (CVE-2024-7386) , Sep 26, 2024
Premium Packages – Sell Digital Products Securely (CVE-2025-24659) , Jan 26, 2025
Premium Packages – Sell Digital Products Securely (CVE-2024-52435) , Nov 19, 2024
New vulnerability
IGIT Related Posts With Thumb Image After Posts (CVE-2025-46518) , May 07, 2025
Product Category Slider for WooCommerce (CVE-2025-39364) , May 07, 2025
Total Donations (CVE-2025-43837) , May 07, 2025
Syndicate Out (CVE-2025-43836) , May 07, 2025
Relevanssi – A Better Search (CVE-2025-4054) , May 07, 2025