Simple Membership WordPress Plugin vulnerable to account creation, account takeover

published: Sept. 27, 2023

Take action: If you are using the Simple Membership plugin for WordPress, it's time for a patch. This is a very simple update, so don't delay it.


Two security vulnerabilities have been identified in the Simple Membership plugin for WordPress, affecting versions 4.3.4 and earlier. Both can lead to privilege escalation.

The plugin, with its 50,000+ active installations, is a popular choice for custom membership management on WordPress websites. The security flaws, pinpointed by researchers at Patchstack, are:

  • Unauthenticated Membership Role Privilege Escalation vulnerability (CVE-2023-41957) - individuals without authentication could create accounts with arbitrary membership levels. The vulnerability centers on a function responsible for both the registration process and the password-reset-via-link feature. The plugin allows a password reset through a link sent to the user's email; the critical issue is that this function can be manipulated through specific GET parameters, allowing an attacker to register with any membership level using an arbitrary member account.
  • Authenticated Account Takeover vulnerability (CVE-2023-41956) - authenticated users could commandeer any member account via an insecure password reset process. Here a distinct function manages the password-reset-via-link feature, and manipulation of its parameters allows an attacker to seize control of another user's account.

The vendor of the plugin, Smp7, released version 4.3.5 on August 30, 2023 to address these vulnerabilities, incorporating checks to validate user-controlled parameters in the custom registration and password reset processes.
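As an added illustration of the class of check the fix describes (this is not the plugin's code; the user store, token store and function names are hypothetical), the handler below completes a password-reset-by-link using only the token from the request. The account identity and membership level come from the server-side token record, so request parameters naming another member or a different level are simply ignored.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for the WordPress user table and
# a reset-token table (hypothetical; not the plugin's data model).
USERS = {
    "alice": {"membership_level": "free", "password_hash": None},
    "admin": {"membership_level": "premium", "password_hash": None},
}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry_timestamp)
TOKEN_TTL = 15 * 60  # seconds a reset link stays valid


def _hash_password(password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def issue_reset_link_token(username, now=None):
    """Create a single-use reset token bound server-side to exactly one account."""
    if username not in USERS:
        raise KeyError(username)
    now = now if now is not None else time.time()
    token = secrets.token_urlsafe(32)
    # Store only the hash so a leaked table cannot be replayed as live links.
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (username, now + TOKEN_TTL)
    return token


def handle_reset(params, now=None):
    """Finish a reset from the link's query parameters; returns True on success.

    Identity is taken from the token record, never from 'member'/'level'-style
    request parameters, and the token is consumed on first use.
    """
    now = now if now is not None else time.time()
    token = params.get("token", "")
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False  # unknown, forged or already-used token
    username, expiry = entry
    if now > expiry:
        return False  # expired link
    new_password = params.get("new_password", "")
    if len(new_password) < 12:
        return False  # enforce a minimum length on the new credential
    USERS[username]["password_hash"] = _hash_password(new_password)
    return True
```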
