9.8 CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. (Waiting for translation)
https://nvd.nist.gov/vuln/detail/CVE-2023-2276

Categorias

CWE-639 : Bypass de autorização por meio de chave controlada pelo usuário

Referências

 

CPE

cpe	começar	fim
Configuration 1
cpe:2.3:a:wclovers:wcfm_membership:*:*:*:*:*:wordpress:*:*		<= 2.10.7

---

REMEDIAÇÃO

---

Patch

Url
https://plugins.trac.wordpress.org/changeset/2907455/
https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve

---

EXPLOITS

---

Exploit-db.com

id	descrição	datado
Nenhum exploit conhecido

Outros (github, ...)

Url
Nenhum exploit conhecido

---

CAPEC

---

Common Attack Pattern Enumerations and Classifications

id	descrição	gravidade
Entrada proibida

---

MITRE

---