CVE-2020-36833

Name of the Vulnerable Software and Affected Versions Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6

Description The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it possible for an authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions, including modifying settings and viewing sensitive data.

Recommendations For versions 7.3 through 8.6, update to a version that includes the necessary capability checks to prevent authorization bypass. As a temporary workaround, consider restricting access to the vulnerable AJAX actions until a patch is available.