CVE-2015-4038

Wpmembership - Access Control

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4038.

AI-analyzed exploit summary: The document details multiple vulnerabilities in the WordPress WP Membership plugin, including privilege escalation via AJAX action manipulation, stored XSS due to insufficient input sanitization, and unauthorized post publishing by modifying form fields. It provides technical descriptions and proof-of-concept steps but does not include functional exploit code.

Description

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb WRITEUP
webapps php
https://www.exploit-db.com/exploits/37074

Classification: Writeup 90%
Attack Type: Auth Bypass | XSS | Other
Complexity: Trivial
Reliability: Reliable
Target: WordPress WP Membership plugin v1.2.3
Auth required
Prerequisites: Registered user account on the target WordPress site
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535587/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74766
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535652/100/0/threaded
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/7998

Scores

EPSS 0.0831
EPSS Percentile 94.2%

Details

CWE: CWE-264
Status: published
Products (1): wpmembership/wpmembership 1.2.3
Published: Jun 03, 2015
Tracked Since: Feb 18, 2026