There are multiple vulnerabilities in this WordPress Membership plugin.
1. Privilege escalation. Because of this vulnerability, an attacker can take administrative role
to the infected website via "iv_membership_update_user_settings" AJAX action.
2. Stored XSS allows an attacker to login as regular user and update any field of the profile.
3. Unauthorized post publish and stored XSS vulnerabilities allow an attacker to publish posts without any administrator permission.