Wcfm Membership Woocommerce Memberships For Multivendor Marketplace
Monthly
Privilege escalation via Insecure Direct Object Reference in the WCFM Membership (WooCommerce Memberships for Multivendor Marketplace) WordPress plugin versions up to and including 2.11.10 lets authenticated users holding at least vendor-level access manipulate the 'wcfmvm_membership_change' AJAX action to reassign any user's account to the 'wcfm_vendor' role by altering their membership plan. Because the action never checks whether the caller is authorized to modify the targeted user, a low-privileged marketplace vendor can tamper with arbitrary accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high CVSS of 8.1 and network-reachable authenticated vector make it a meaningful multivendor-store risk.
Privilege escalation via Insecure Direct Object Reference in the WCFM Membership (WooCommerce Memberships for Multivendor Marketplace) WordPress plugin versions up to and including 2.11.10 lets authenticated users holding at least vendor-level access manipulate the 'wcfmvm_membership_change' AJAX action to reassign any user's account to the 'wcfm_vendor' role by altering their membership plan. Because the action never checks whether the caller is authorized to modify the targeted user, a low-privileged marketplace vendor can tamper with arbitrary accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high CVSS of 8.1 and network-reachable authenticated vector make it a meaningful multivendor-store risk.