Simple Membership WordPress Plugin vulnerable to account creation, account takeover
Take action: If you are using the Simple Membership plugin for WordPress, it's time for a patch. This is a very simple update, so don't delay it.
Two security vulnerabilities have been identified in the Simple Membership plugin for WordPress, affecting versions 4.3.4 and earlier, potentially leading to privilege escalation problems.
With 50,000+ active installations, the plugin is used for custom membership management on WordPress websites. The security flaws, pinpointed by researchers at Patchstack, are:
The plugin's vendor, Smp7, released version 4.3.5 on August 30, 2023, to address these vulnerabilities, incorporating checks to validate user-controlled parameters in the custom registration and password reset processes.