WP Membership [Privilege Escalation]
WP Membership plugin for WordPress suffers from a Privilege Escalation vulnerability
Any registered user can perform a privilege escalation through
iv_membership_update_user_settings AJAX action. Although this exploit can be used to modify other plugin related data (eg payment status and expiry date), privilege escalation can lead to a serious incident because the malicious user can take administrative role to the infected website.
- Login as regular user
- Sent a POST request to
Vendor notified about the issue