WordPress MemberPress plugin <= 1.11.34 - Broken Access Control vulnerability
CVE-2024-43956
9.8CRITICAL
Summary
A vulnerability in Memberpress developed by Caseproof, LLC, allows attackers to exploit missing authorization measures, enabling access to functionality not properly constrained by access control lists (ACLs). This issue affects all versions between n/a and 1.11.34, posing significant security risks to users. Organizations utilizing this product should take precautions to mitigate potential exploitation that could compromise sensitive user data.
Affected Version(s)
Memberpress <= 1.11.34
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ananda Dhakal (Patchstack)