Simple Membership <= 4.1.2 is vulnerable to Membership Privilege Escalation

Subscriber
Published
2022-07-06

The Simple Membership plugin for WordPress is vulnerable to membership-related privilege escalation in versions up to, and including, 4.1.2. This is due to insufficient validation of the supplied membership_level, which makes it possible for authenticated users to supply arbitrary membership levels and be granted their permissions.

CVSS

Score: 4.3

Severity: Medium

Version: 4.1.2

There is a patch available in v4.1.3 and we strongly recommend you update to this version as soon as possible.