Code Injection Vulnerability in s2Member Pro
CVE-2024-51815

9 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 6 December 2024

Summary

The vulnerability in WP Sharks' s2Member Pro arises from improper control of code generation (code injection). It affects versions up to and including 241114. An attacker can inject malicious code into the application, which could then be executed on the server hosting the affected plugin. Exploitation may lead to unauthorized access to or manipulation of data, posing significant threats to system integrity and user security.

Affected Version(s)

s2Member Pro <= 241114

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hakiduck (Patchstack Alliance)