WordPress · Simple Membership · CVE-2022-2273
**Name of the Vulnerable Software and Affected Versions**
Simple Membership WordPress plugin versions prior to 4.1.3
**Description**
The plugin does not properly validate the `membership level` parameter when a member edits their profile. A member can therefore potentially escalate to a higher membership level by sending a crafted POST request.
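The class of fix for this kind of flaw is an allowlist of self-editable fields, so that privileged values are never read from the request. The sketch below is an added example, not the plugin's code or its 4.1.3 patch; the function name, field names (including the `membership_level` key) and sample data are all assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical names throughout, not Simple Membership's code.

// Fields a member may change on their own profile (assumed list).
const SELF_EDITABLE_FIELDS = ['first_name', 'last_name', 'email', 'phone'];

/**
 * Build the column update for a member's own profile from submitted form data.
 * Anything outside the allowlist, such as a membership level, is dropped and
 * reported so the caller can log it.
 */
function build_profile_update(array $post): array
{
    $update = [];
    $rejected = [];
    foreach ($post as $key => $value) {
        if (in_array($key, SELF_EDITABLE_FIELDS, true) && is_string($value)) {
            $update[$key] = trim($value);
        } else {
            $rejected[] = (string) $key;
        }
    }
    return ['update' => $update, 'rejected' => $rejected];
}

// Constructed sample data: the stored record and a submitted profile form
// that carries an extra privileged field.
$member = ['member_id' => 17, 'membership_level' => 2, 'email' => 'a@example.test'];
$post   = ['first_name' => 'Alex', 'email' => ' alex@example.test ', 'membership_level' => '4'];

$result = build_profile_update($post);

// The stored level is only ever changed by admin or payment code paths,
// so the merged record keeps the server-side value.
$saved = array_merge($member, $result['update']);

if ($result['rejected'] !== []) {
    // A privileged field in a self-service request is worth an audit log entry.
    error_log(sprintf(
        'profile edit by member %d carried non-editable fields: %s',
        $member['member_id'],
        implode(', ', $result['rejected'])
    ));
}

var_dump($saved['membership_level'], $saved['email'], $result['rejected']);
```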
**Recommendations**
For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue.