Description

WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) is prone to a security bypass vulnerability. An attacker can exploit this issue to access arbitrary products without proper authorization. WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) versions 111105 and prior are all affected.

Remediation

Update to plugin version 111206 or latest

References

http://www.primothemes.com/forums/viewtopic.php?f=4&t=15232

http://secunia.com/advisories/47101/

Related Vulnerabilities

Oracle JRE CVE-2013-2437 Vulnerability (CVE-2013-2437)

WordPress Plugin SS Downloads Multiple Cross-Site Scripting Vulnerabilities (1.4.4.1)

WordPress 3.9.x Same Origin Method Execution (SOME) Vulnerability (3.9 - 3.9.11)

WordPress Plugin Count per Day Multiple Cross-Site Scripting Vulnerabilities (3.5.4)

WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass