WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability
CVE-2024-31237

7.5HIGH

Key Information:

Vendor: WordPress
Status: S2member Pro
Vendor: CVE Published:; 17 May 2024

Summary

An improper privilege management vulnerability in WP Sharks s2Member Pro enables attackers to escalate their privileges within the application. This security flaw affects versions of the s2Member Pro plugin from n/a to 240315. Exploitation of this vulnerability could allow unauthorized users to gain elevated access, posing significant risks to system integrity and user data. Organizations utilizing this plugin should take immediate action to mitigate potential threats associated with privilege escalation.

Affected Version(s)

s2Member Pro <= 240315

References

https://patchstack.com/database/vulnerability/s2member/wo...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

NGÔ THIÊN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)