PT-2023-15926 · WordPress · Wcfm Membership

Chloe Chamberland

·

Published

2023-04-05

·

Updated

2026-01-04

·

CVE-2022-4940

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

WCFM Membership plugin for WordPress, versions up to and including 2.10.0

Description

The plugin registers several AJAX actions whose callbacks do not perform a capability check before reading or modifying data. Because the actions are reachable without authentication, an unauthenticated attacker can call them directly (through admin-ajax.php) and, among other things, modify membership details, change renewal information, and approve or reject memberships.

Recommendations

If you run version 2.10.0 or earlier, update to a version higher than 2.10.0, which resolves the issue. If you cannot update immediately, restrict access to the affected AJAX actions as a temporary workaround (for example, by blocking unauthenticated requests to those action names at the web server or WAF) until the update has been applied.
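To make the weakness class concrete, here is an added example that is not code from the WCFM Membership plugin (this page does not show the plugin's action names or handlers). It is a constructed WordPress AJAX handler that updates a stored membership record with no authorization check, shown next to a hardened version that adds the missing capability check and, going one step beyond the advisory, a nonce check against CSRF. The action name `demo_update_membership`, the `demo_memberships` option key, and the `manage_options` capability are assumptions chosen for the illustration.

```php
<?php
// Constructed example: not the WCFM Membership plugin's code.
// Action name, option key and capability are hypothetical.

// VULNERABLE: hooked for logged-out users too (wp_ajax_nopriv_), and the callback
// checks neither a capability nor a nonce, so any HTTP client that knows the
// action name can change the stored membership state.
add_action( 'wp_ajax_demo_update_membership',        'demo_update_membership_vulnerable' );
add_action( 'wp_ajax_nopriv_demo_update_membership', 'demo_update_membership_vulnerable' );

function demo_update_membership_vulnerable() {
    $membership_id = isset( $_POST['membership_id'] ) ? absint( $_POST['membership_id'] ) : 0;
    $status        = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';

    // Input is sanitized, but nobody asked whether the caller may do this at all.
    $memberships = get_option( 'demo_memberships', array() );
    $memberships[ $membership_id ]['status'] = $status;   // e.g. 'approved'
    update_option( 'demo_memberships', $memberships );

    wp_send_json_success( array( 'id' => $membership_id, 'status' => $status ) );
}

// HARDENED: no nopriv hook, so logged-out requests never reach the callback;
// a capability check gates the data change (the control CWE-862 is about);
// a nonce ties the request to a page the user actually loaded (CSRF protection).
add_action( 'wp_ajax_demo_update_membership_secure', 'demo_update_membership_secure' );

function demo_update_membership_secure() {
    // Authorization: the check that was missing above.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // CSRF: check_ajax_referer() dies with a 403 if the nonce is absent or invalid.
    check_ajax_referer( 'demo_update_membership', 'nonce' );

    $membership_id = isset( $_POST['membership_id'] ) ? absint( $_POST['membership_id'] ) : 0;
    $status        = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';

    // Validate against an allow-list rather than storing arbitrary strings.
    $allowed = array( 'pending', 'approved', 'rejected' );
    if ( 0 === $membership_id || ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'invalid input' ), 400 );
    }

    $memberships = get_option( 'demo_memberships', array() );
    $memberships[ $membership_id ]['status'] = $status;
    update_option( 'demo_memberships', $memberships );

    wp_send_json_success( array( 'id' => $membership_id, 'status' => $status ) );
}
```

With the vulnerable handler active, a single unauthenticated POST to `/wp-admin/admin-ajax.php` with `action=demo_update_membership&membership_id=1&status=approved` flips the record. Note that sanitizing the input, as the vulnerable version does, is not a substitute for authorization: the data is well-formed, the caller simply has no right to write it. When auditing a plugin for this class of bug, list every `wp_ajax_nopriv_*` hook and confirm that each callback either needs no privilege by design or checks `current_user_can()` before touching state.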

Weakness Enumeration

Missing Authorization (CWE-862)

Related Identifiers

CVE-2022-4940

Affected Products

Wcfm Membership