Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-3849
cve-2014-3849
wordpress
imember360 plugin
remote attackers
user deletion
security vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
7 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.5%
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.
Affected configurations
Node
imember360imember360Match3.8.012wordpress
ORimember360imember360Match3.8.013wordpress
ORimember360imember360Match3.8.014wordpress
ORimember360imember360Match3.9.000wordpress
ORimember360imember360Match3.9.001wordpress
Related
prion
prion
Design/Logic Flaw
2014-05-23 14:55:00
patchstack
patchstack
WordPress iMember360 Plugin <= 3.9.001 - Arbitrary user deletion
2014-05-23 00:00:00
cvelist
cvelist
CVE-2014-3849
2022-10-03 16:20:25
nvd
nvd
CVE-2014-3849
2014-05-23 14:55:12
wpvulndb
wpvulndb
iMember360 < 3.9.001 - Multiple Issues
2014-04-24 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
7 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.5%
Related for CVE-2014-3849