Description

WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) is prone to a security bypass vulnerability. An attacker can exploit this issue to access arbitrary products without proper authorization. WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) versions 111105 and prior are all affected.

Remediation

Update to plugin version 111206 or latest

References

http://www.primothemes.com/forums/viewtopic.php?f=4&t=15232

http://secunia.com/advisories/47101/

Related Vulnerabilities

MySQL CVE-2022-21460 Vulnerability (CVE-2022-21460)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-41308)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Remote Code Execution (2.0.32)

WordPress Plugin Really Simple Gallery Multiple Vulnerabilities (1.4)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4525)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass