2025-10-15 08:25:57
Wordfence
PUBLISHED
The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmp_user role granting all users with the manage_bmp capability by default upon registration through the plugins form. This makes it possible for unauthenticated attackers to register and manage the plugins settings.