9.8 CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. (Waiting for translation)
https://nvd.nist.gov/vuln/detail/CVE-2023-2276

Catégories

CWE-639 : Contournement de l'autorisation par une clé contrôlée par l'utilisateur

Références

 

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:wclovers:wcfm_membership:*:*:*:*:*:wordpress:*:*		<= 2.10.7

---

REMEDIATION

---

Patch

Url
https://plugins.trac.wordpress.org/changeset/2907455/
https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve

---

EXPLOITS

---

Exploit-db.com

id	description	date
Pas d'exploit connu

Autres (github, ...)

Url
Pas d'exploit connu

---

CAPEC

---

Common Attack Pattern Enumerations and Classifications

id	description	sévérité
Pas d'entrée

---

MITRE

---