Lucene search
China National Vulnerability DatabaseCNVD-2022-55700HistoryJun 15, 2022 - 12:00 a.m.
WordPress Member Hero plugin code injection vulnerability
2022-06-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
wordpress
member hero
code injection
vulnerability
ajax operations
php functions
wordpress foundation
EPSS
0.284
Percentile
96.9%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Member Hero plugin version 1.0.9 and earlier versions are vulnerable to code injection, which stems from not validating request parameters in AJAX operations. An attacker can use this vulnerability to invoke arbitrary PHP functions without parameters.
Related
nuclei
nuclei
Member Hero <=1.0.9 - Remote Code Execution
2022-10-20 09:44:28
prion
prion
Authorization
2022-06-13 13:15:00
wpvulndb
wpvulndb
Member Hero <= 1.0.9 - Unauthenticated RCE
2022-05-18 00:00:00
nvd
nvd
CVE-2022-0885
2022-06-13 13:15:10
patchstack
patchstack
cvelist
cvelist
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE
2022-06-13 12:41:39
cve
cve
CVE-2022-0885
2022-06-13 13:15:10
wpexploit
wpexploit
Member Hero <= 1.0.9 - Unauthenticated RCE
2022-05-18 00:00:00