The Simple Membership plugin for WordPress (versions 4.3.4 and below) has two security flaws that could result in privilege escalation.

Description

The flaws are an Unauthenticated Membership Role Privilege Escalation vulnerability (CVE-2023-41957) and an Authenticated Account Takeover vulnerability (CVE-2023-41956) [2] [4]. The first allows unauthenticated users to register accounts with arbitrary membership levels [1] [2] [3] [4], while the second enables authenticated users to take over any member account through an insecure password reset process [1] [2] [3] [4].

Patchstack, a security company, promptly reported these vulnerabilities to the plugin vendor [4], who responded quickly by releasing version 4.3.5 to address the issues. The update adds checks that validate user-controlled parameters in the registration and password reset processes [2] [5].

To prevent similar issues, it is recommended to apply more checks on user-controlled parameters during custom registration processes and to use primary identifiers in password reset processes [3].
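
The two recommendations above, sketched as an added example in plain PHP; this is not the plugin's code and is not taken from the cited articles. The function names, level numbers and in-memory token store are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical names and values, not Simple Membership code.

const DEFAULT_LEVEL = 1;          // assumed free tier
const SELF_SERVICE_LEVELS = [1];  // assumed levels a visitor may choose unaided

/** Resolve the level for a new account from untrusted form input. */
function resolve_level(array $post): int
{
    // Non-integers, arrays and missing values all become false here.
    $requested = filter_var($post['level'] ?? null, FILTER_VALIDATE_INT);
    // Only allowlisted levels are honoured; everything else gets the default.
    return in_array($requested, SELF_SERVICE_LEVELS, true) ? $requested : DEFAULT_LEVEL;
}

/** Issue a single-use reset token bound to one member's primary key. */
function issue_reset(array &$store, int $memberId, int $now): string
{
    $token = bin2hex(random_bytes(32));
    // Store only a hash of the token, with the owner and an expiry.
    $store[hash('sha256', $token)] = ['member_id' => $memberId, 'expires' => $now + 3600];
    return $token;
}

/** Redeem a token; the account comes from the stored record, never the request. */
function redeem_reset(array &$store, array $request, int $now): ?int
{
    $token = $request['token'] ?? '';
    if (!is_string($token) || $token === '') {
        return null;
    }
    $key = hash('sha256', $token);
    $record = $store[$key] ?? null;
    unset($store[$key]); // single use, even when expired
    if ($record === null || $record['expires'] < $now) {
        return null;
    }
    return $record['member_id']; // any 'login' or 'user_id' in $request is ignored
}

// Constructed sample requests.
$store = [];
$now = time();
var_dump(resolve_level(['level' => '4']));   // paid level requested by a visitor
$token = issue_reset($store, 42, $now);
var_dump(redeem_reset($store, ['token' => $token, 'user_id' => '1'], $now));
var_dump(redeem_reset($store, ['token' => $token], $now)); // replay of a used token
```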

Conclusion

These security flaws in the Simple Membership plugin highlight the importance of regularly updating software to address vulnerabilities. By promptly releasing version 4.3.5, the plugin vendor demonstrated their commitment to addressing these issues. However, it is crucial for users to take proactive measures to prevent similar vulnerabilities in the future. Implementing additional checks on user-controlled parameters during custom registration processes and utilizing primary identifiers for password reset processes can help mitigate the risk of privilege escalation.

References

[1] https://deform.co/wordpress-simple-membership-plugin-vulnerabilities-enable-account-hijacking/
[2] https://www.infosecurity-magazine.com/news/simple-membership-flaws-exposes-wp/
[3] https://patchstack.com/articles/two-path-to-privilege-escalation-bugs-found-in-the-simple-membership-plugin/
[4] https://cybersecurity-see.com/exposed-flaws-in-the-simple-membership-plugin-leave-wordpress-sites-vulnerable/
[5] https://flyytech.com/2023/09/28/simple-membership-plugin-flaws-expose-wordpress-sites/