Privilege Escalation Vulnerability in Premium Packages Plugin by WordPress
CVE-2023-4293
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 12 August 2023
What is CVE-2023-4293?
The Premium Packages - Sell Digital Products Securely plugin for WordPress is susceptible to a privilege escalation issue. This vulnerability arises from insufficient checks within the 'wpdmpp_update_profile' function. Authenticated users, even those with minimal permissions like subscribers, can exploit this vulnerability to alter their own user roles by sending a manipulated 'profile[role]' parameter during a profile update process. This could allow unauthorized elevation of privileges, leading to significant risks for the website.
Affected Version(s)
Premium Packages – Sell Digital Products Securely * <= 5.7.4