"🛡️ Privilege Escalation Alert: Simple Membership Plugin Patched 🛡️"
Recent findings revealed two privilege escalation vulnerabilities in the Simple Membership Plugin, a popular WordPress membership plugin with over 50,000 active installations. The first vulnerability, dubbed Unauthenticated Membership Role Privilege Escalation, could allow unauthenticated users to register an account with arbitrary membership levels. The second, Authenticated Account Takeover, could enable an authenticated user to take over any member account through an insecure password reset process. Both vulnerabilities were patched in version 4.3.5, with CVE-2023-41957 and CVE-2023-41956 assigned. Users are urged to update to the latest version to mitigate risks. 🛡️🔄
Source: Patchstack
Tags: #WordPress #SimpleMembershipPlugin #PrivilegeEscalation #CyberSecurity #PatchUpdate #CVE202341957 #CVE202341956