CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
88.2%
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
imember360 | imember360 | 3.8.012 | cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:* |
imember360 | imember360 | 3.8.013 | cpe:2.3:a:imember360:imember360:3.8.013:*:*:*:*:wordpress:*:* |
imember360 | imember360 | 3.8.014 | cpe:2.3:a:imember360:imember360:3.8.014:*:*:*:*:wordpress:*:* |
imember360 | imember360 | 3.9.000 | cpe:2.3:a:imember360:imember360:3.9.000:*:*:*:*:wordpress:*:* |
imember360 | imember360 | 3.9.001 | cpe:2.3:a:imember360:imember360:3.9.001:*:*:*:*:wordpress:*:* |