45 matches found
CVE-2026-27060
Contributor PHP Object Injection in ARMember Premium = 7.0 versions...
CVE-2026-27060
CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (<= 7.0). The root cause is PHP Object Injection in ARMember Premium
CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability
Contributor PHP Object Injection in ARMember Premium = 7.0 versions...
WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-5073
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-5076
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
WordPress ARMember Premium – Membership plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability
Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...
WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...
WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...
CVE-2026-5073
CVE-2026-5073 affects WordPress ARMember Premium (all versions up to 7.3.1). The vulnerability is an unauthenticated SQL Injection via the order/orderby parameters in the AJAX action arm_directory_paging_action , caused by insufficient escaping and inadequate SQL query preparation in the function...
CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-5073
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...
CVE-2026-5076
CVE-2026-5076 concerns ARMember Premium for WordPress (
CVE-2026-5076
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
CVE-2026-5074
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...
CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...