9.8 CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. (Waiting for translation)
https://nvd.nist.gov/vuln/detail/CVE-2023-2276

Categorías

CWE-639 : Evasión de la autorización a través de una clave controlada por el usuario

Referencias

 

CPE

cpe	iniciar	fin
Configuration 1
cpe:2.3:a:wclovers:wcfm_membership:*:*:*:*:*:wordpress:*:*		<= 2.10.7

---

REMEDIACIÓN

---

Patch

Url
https://plugins.trac.wordpress.org/changeset/2907455/
https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve

---

EXPLOTA

---

Exploit-db.com

id	descripción	fecha
No hay exploits conocidos

Otros (github, ...)

Url
No hay exploits conocidos

---

CAPEC

---

Common Attack Pattern Enumerations and Classifications

id	descripción	gravedad
No hay entrada

---

MITRE

---