Vulnerabilities > CVE-2023-4293 - Unspecified vulnerability in Wpdownloadmanager Premium Packages - Sell Digital products Securely

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
wpdownloadmanager
NVD
Published: 2023-08-12
Updated: 2023-11-07

Summary

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.

Vulnerable Configurations

Part Description Count
Application
Wpdownloadmanager
161

References