The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-04-05T18:00:39.715Z
Updated: 2023-04-13T14:41:47.995Z
Reserved: 2023-04-05T17:55:59.252Z
Link: CVE-2022-4940
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-05T19:15:07.527
Modified: 2023-11-07T03:59:22.323
Link: CVE-2022-4940
JSON object: View
Redhat Information
No data.
CWE
No CWE.