cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2276,https://securityvulnerability.io/vulnerability/CVE-2023-2276,Insecure Direct Object References in WCFM Membership Plugin for WooCommerce,"The WCFM Membership plugin for WooCommerce is susceptible to Insecure Direct Object References, allowing users to manipulate access controls. This vulnerability enables unauthorized individuals to bypass standard authentication processes, consequently changing passwords for user accounts, including those with administrative privileges. Adhering to secure coding practices and updating the plugin to the latest version can mitigate the risks associated with this security flaw.",Wordpress,WCFM Membership – WooCommerce Memberships for Multivendor Marketplace,9.8,CRITICAL,0.0020600000862032175,false,,false,false,false,,false,false,2023-05-20T04:15:00.000Z,0
CVE-2022-4941,https://securityvulnerability.io/vulnerability/CVE-2022-4941,Cross-Site Request Forgery in WCFM Membership Plugin for WordPress,"The WCFM Membership plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit the lack of nonce checks on various AJAX actions. Specifically, this could enable attackers to manipulate membership details, alter renewal information, and influence membership approvals through crafted requests, provided they can deceive a site administrator into executing a malicious link. This issue affects versions up to and including 2.9.10, presenting a significant risk to the integrity and management of membership functionalities.",Wordpress,Wcfm Membership – WooCommerce Memberships For Multivendor Marketplace,6.3,MEDIUM,0.0024399999529123306,false,,false,false,false,,false,false,2023-04-05T18:00:49.094Z,0
CVE-2022-4940,https://securityvulnerability.io/vulnerability/CVE-2022-4940,Unauthorized Data Modification in WCFM Membership Plugin for WordPress,"The WCFM Membership plugin for WordPress suffers from a serious authorization bypass vulnerability that allows unauthenticated attackers to perform unauthorized actions. Due to insufficient capability checks on various AJAX actions, attackers can modify membership details, alter renewal information, and manipulate membership approvals among other critical operations, thereby compromising the integrity and security of the application and its users.",Wordpress,Wcfm Membership – WooCommerce Memberships For Multivendor Marketplace,7.3,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2023-04-05T18:00:39.715Z,0
CVE-2022-4939,https://securityvulnerability.io/vulnerability/CVE-2022-4939,Privilege Escalation Vulnerability in WCFM Membership Plugin for WordPress,"The WCFM Membership plugin for WordPress has a privilege escalation vulnerability that allows unauthenticated attackers to manipulate membership settings. This is due to a lack of capability checks in the wp_ajax_nopriv_wcfm_ajax_controller AJAX action. Exploitation of this issue enables attackers to change the role of anyone registering, including the ability to assign themselves administrator privileges, significantly compromising the security of the affected WordPress site.",Wordpress,Wcfm Membership – WooCommerce Memberships For Multivendor Marketplace,9.8,CRITICAL,0.0017999999690800905,false,,false,false,true,true,false,false,2023-04-05T18:00:30.235Z,0