Two security flaws have been discovered in the Simple Membership plugin for WordPress, which could potentially lead to privilege escalation issues. These vulnerabilities affect versions 4.3.4 and below of the popular plugin, which is developed by smp7 and wp.insider and used for custom membership management on WordPress sites.
The security flaws were identified by Patchstack security researchers and include an Unauthenticated Membership Role Privilege Escalation vulnerability (CVE-2023-41957) and an Authenticated Account Takeover vulnerability (CVE-2023-41956). The first vulnerability allows unauthenticated users to register accounts with arbitrary membership levels, while the second vulnerability enables authenticated users to take over any member account through an insecure password reset process.
The Unauthenticated Membership Role Privilege Escalation vulnerability is primarily due to a function that handles the registration process. Patchstack explained that the function handles the process of password reset through a reset password link feature. In the plugin context, users can enable password reset through a link that is sent to their email. However, a critical condition exists where the function can be manipulated through certain GET parameters, allowing users to register with any membership level from an arbitrary member account.
In the case of the Authenticated Account Takeover vulnerability, a separate function handles password reset through a link feature. By carefully crafting the parameters, an attacker could exploit this vulnerability to take control of a user’s account.
Patchstack promptly reported these vulnerabilities to the plugin vendor on August 29. In response, the vendor took swift action and released version 4.3.5 of the plugin on August 30, 2023, to address the issues. The vendor implemented checks to validate user-controlled parameters in custom registration and password reset processes, ensuring that these vulnerabilities could no longer be exploited.
With over 50,000 active installations, the Simple Membership plugin is widely used for custom membership management on WordPress sites. Therefore, it is crucial for users to update their installations to the latest version (4.3.5) to protect against potential attacks.
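To find installs that still need the update, the following added example (not code from Patchstack or the plugin vendor) walks a hosting directory and flags every copy of the plugin older than 4.3.5. It assumes the plugin lives in a `wp-content/plugins/simple-membership` directory and that its version is declared in a standard `Version:` plugin header; the status labels are this example's own.

```python
"""Flag Simple Membership installs older than the fixed release 4.3.5."""
import re
import sys
from pathlib import Path

FIXED = (4, 3, 5)  # first fixed release, per the article
SLUG = "simple-membership"  # assumed plugin directory name
# Matches a plugin header line such as " * Version: 4.3.4"
HEADER = re.compile(rb"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)


def parse_version(text):
    """'4.3.4' -> (4, 3, 4); short versions are zero-padded, '4.3' -> (4, 3, 0)."""
    parts = [int(p) for p in text.split(".") if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts)))


def plugin_version(plugin_dir):
    """Return the Version header from the first 8 KiB of a top-level PHP file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        with open(php, "rb") as fh:
            match = HEADER.search(fh.read(8192))
        if match:
            return match.group(1).decode()
    return None


def audit(root):
    """Return (plugin_dir, version, status) for every install found below root."""
    findings = []
    for plugin_dir in sorted(Path(root).rglob(f"wp-content/plugins/{SLUG}")):
        if not plugin_dir.is_dir():
            continue
        version = plugin_version(plugin_dir)
        if version is None:
            status = "UNKNOWN"  # no header found: inspect this install by hand
        elif parse_version(version) < FIXED:
            status = "VULNERABLE"  # 4.3.4 or below
        else:
            status = "OK"
        findings.append((str(plugin_dir), version, status))
    return findings


if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in results:
        print(f"{status:10} {version or '?':8} {path}")
    sys.exit(1 if any(s != "OK" for _, _, s in results) else 0)
```

Run it with the directory that contains the WordPress sites as its only argument; a non-zero exit status means at least one install is vulnerable or could not be identified.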
This incident highlights the importance of regular updates and patching for plugins and software. Vulnerabilities can be discovered at any time, and it is critical for developers and users to stay vigilant and take swift action to address these issues. In this case, the plugin vendor acted promptly to address the vulnerabilities, demonstrating their commitment to security.
Website administrators and owners using the Simple Membership plugin should prioritize updating their installations as soon as possible to ensure the security of their WordPress sites. By keeping plugins and software up-to-date, users can protect against potential attacks and minimize the risk of compromise.
In conclusion, the discovery of security flaws in the Simple Membership plugin for WordPress underscores the ongoing need for robust security practices in the digital landscape. Adequate measures, such as regular updates, vulnerability assessments, and timely patching, are essential to safeguard websites and user data. Plugin vendors and developers also play a crucial role in promptly addressing reported vulnerabilities and releasing updates to mitigate potential risks. By prioritizing security, users can maintain the integrity and privacy of their online platforms.