Vulnerabilities > Simple Membership Plugin > Simple Membership > 4.1.1

DATE CVE VULNERABILITY TITLE RISK
2022-08-01 CVE-2022-2273 Unspecified vulnerability in Simple-Membership-Plugin Simple Membership
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
network
low complexity
simple-membership-plugin
8.8
8.8
2022-08-01 CVE-2022-2317 Unspecified vulnerability in Simple-Membership-Plugin Simple Membership
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.
network
low complexity
simple-membership-plugin
critical
 9.8
9.8