Description

WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) is prone to a security bypass vulnerability. An attacker can exploit this issue to access arbitrary products without proper authorization. WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) versions 111105 and prior are all affected.

Remediation

Update to plugin version 111206 or latest

References

http://www.primothemes.com/forums/viewtopic.php?f=4&t=15232

http://secunia.com/advisories/47101/

Related Vulnerabilities

WordPress Plugin WordPress Custom Global Variable Unspecified Vulnerability (3.0.0)

WordPress Plugin Unlimited PopUps SQL Injection (4.5.3)

WordPress Plugin Testimonial Slider Multiple Cross-Site Scripting Vulnerabilities (1.2.5)

PostgreSQL CVE-2017-7547 Vulnerability (CVE-2017-7547)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2043)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass