Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin MemberSonic Lite Security Bypass (1.2)

Description

WordPress Plugin MemberSonic Lite is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently login to any account simply by knowing the email address associated with the account. WordPress Plugin MemberSonic Lite version 1.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.302 or latest

References

http://www.pritect.net/blog/membersonic-lite-1-2-unauthenticated-login

Related Vulnerabilities

Oracle Database Server CVE-2011-0830 Vulnerability (CVE-2011-0830)

MySQL CVE-2021-2019 Vulnerability (CVE-2021-2019)

Craft CMS Improper Authorization Vulnerability (CVE-2026-33162)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4018)

WordPress Plugin Enable Media Replace Directory Traversal (3.6.3)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass