Lucene search
K

279 matches found

Nuclei
Nuclei
added 11 hours ago13 views

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS6.1AI score0.01383EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago73 views

ARMember < 3.4.8 - Unauthenticated Admin Account Takeover

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...

8.1CVSS7.1AI score0.0852EPSS
Exploits1References5
NVD
NVD
added 2 days ago8 views

CVE-2026-15302

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

5.3CVSS0.00533EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42792

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

5.3CVSS5.9AI score0.00533EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-15302

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

5.3CVSS5.9AI score0.00533EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-15302

The ARMember plug-in for WordPress (affected: all versions up to and including 4.0.27) is vulnerable to Directory Traversal via the X-FILENAME HTTP header. Unauthenticated attackers can upload and overwrite certain files (e.g., CSS) outside the wp-content/uploads/armember directory. This is a net...

5.3CVSS5.9AI score0.00533EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.37 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.20 views

CVE-2026-27060

CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (&lt;= 7.0). The root cause is PHP Object Injection in ARMember Premium

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-54971

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.66 views

📄 WordPress ARMember Premium 7.3.1 SQL Injection

WordPress ARMember Premium plugin version 7.3.1 remote SQL injection and account takeover exploit. ================================================================================================================================== | Title : WordPress ARMember Premium 7.3.1 SQL Injection and Accoun...

9.8CVSS5.7AI score0.00419EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.15 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.14 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.7AI score0.00419EPSS
Exploits3References1
Patchstack
Patchstack
added 2026/06/04 9:11 a.m.14 views

WordPress ARMember Premium – Membership plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability

Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

9.8CVSS5.8AI score0.00419EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 9:7 a.m.11 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 8:50 a.m.13 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2026/06/04 12:0 a.m.92 views

📄 WordPress ARMember Premium 7.3.1 Insecure Password Reset

WordPress ARMember Premium plugin versions 7.3.1 and below suffer from an insecure password reset mechanism that allows for administrative account takeover. ☠️ CVE-2026-5076 ARMember Premium --- 📋 Informasi Kerentanan | Item | Detail | |---|---| | CVE ID | CVE-2026-5076 | | Plugin | ARMember –...

9.8CVSS5.8AI score0.01383EPSS
Exploits3
NVD
NVD
added 2026/06/02 8:16 p.m.17 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS0.00419EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.10 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.34 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS0.01383EPSS
Exploits1References2
Rows per page
Query Builder