Description
WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace version 2.10.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.10.1 or latest
References
Related Vulnerabilities
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
WordPress Plugin Nokia Maps & Places Cross-Site Scripting (1.6.6)
WordPress Plugin Site Import Remote File Inclusion (1.0.1)
WordPress Plugin WordPress Photo Gallery-Image Gallery Cross-Site Request Forgery (1.0.6)
WordPress Plugin WooCommerce-Store Toolkit Privilege Escalation (1.5.7)