CVE-2023-2276 - Vulnerability Details - OpenCVE

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Wclovers	Wcfm Membership

Configuration 1 [-]

cpe:2.3:a:wclovers:wcfm_membership:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/
https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124
https://plugins.trac.wordpress.org/changeset/2907455/
https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve

History

Mon, 13 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-05-20T03:35:57.027Z

Updated: 2025-01-13T16:48:09.887Z

Reserved: 2023-04-25T11:43:19.703Z

Link: CVE-2023-2276

Vulnrichment

Updated: 2024-08-02T06:19:14.744Z

NVD

Status : Modified

Published: 2023-05-20T04:15:09.413

Modified: 2024-11-21T07:58:17.520

Link: CVE-2023-2276

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2276", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-04-25T11:43:19.703Z", "datePublished": "2023-05-20T03:35:57.027Z", "dateUpdated": "2025-01-13T16:48:09.887Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-13T12:53:16.233Z"}, "affected": [{"vendor": "wclovers", "product": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.10.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124"}, {"url": "https://plugins.trac.wordpress.org/changeset/2907455/"}, {"url": "https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lana Codes"}], "timeline": [{"time": "2023-04-24T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-04-24T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2023-05-03T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.744Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2907455/", "tags": ["x_transferred"]}, {"url": "https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T16:16:39.612367Z", "id": "CVE-2023-2276", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T16:48:09.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2907455/", "tags": ["x_transferred"]}, {"url": "https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.744Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2276", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-13T16:16:39.612367Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T16:16:41.064Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Lana Codes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "wclovers", "product": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.10.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-04-24T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2023-04-24T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2023-05-03T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124"}, {"url": "https://plugins.trac.wordpress.org/changeset/2907455/"}, {"url": "https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/"}], "descriptions": [{"lang": "en", "value": "The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-13T12:53:16.233Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2276", "state": "PUBLISHED", "dateUpdated": "2025-01-13T16:48:09.887Z", "dateReserved": "2023-04-25T11:43:19.703Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-05-20T03:35:57.027Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wclovers:wcfm_membership:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DDD33B29-9FAB-4A61-9923-677346FBC7E4", "versionEndIncluding": "2.10.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."}], "id": "CVE-2023-2276", "lastModified": "2024-11-21T07:58:17.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-20T04:15:09.413", "references": [{"source": "security@wordfence.com", "url": "https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2907455/"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2907455/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}