Description

WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) is prone to a security bypass vulnerability. An attacker can exploit this issue to access arbitrary products without proper authorization. WordPress Plugin s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) versions 111105 and prior are all affected.

Remediation

Update to plugin version 111206 or latest

References

http://www.primothemes.com/forums/viewtopic.php?f=4&t=15232

http://secunia.com/advisories/47101/

Related Vulnerabilities

WordPress Plugin Titan Framework Cross-Site Scripting (1.5.2)

PHP Other Vulnerability (CVE-2007-1376)

Envoy Proxy Origin Validation Error Vulnerability (CVE-2020-15104)

ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-0987)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass