Unrated severityNVD Advisory· Published Jun 3, 2015· Updated May 6, 2026

CVE-2015-4038

Description

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.

Affected products

Wpmembership/Wpmembership
cpe:2.3:a:wpmembership:wpmembership:1.2.3:*:*:*:*:wordpress:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/132012/WordPress-WP-Membership-1.2.3-Privilege-Escalation.htmlnvdExploit
www.securityfocus.com/archive/1/535587/100/0/threadednvd
www.securityfocus.com/archive/1/535652/100/0/threadednvd
www.securityfocus.com/bid/74766nvd
wpvulndb.com/vulnerabilities/7998nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000