Lucene search
K

45 matches found

NVD
NVD
added yesterday3 views

CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-27060

CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (<= 7.0). The root cause is PHP Object Injection in ARMember Premium

8.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday10 views

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.8AI score0.01383EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.7AI score0.00419EPSS
Exploits3References1
Patchstack
Patchstack
added 2026/06/04 9:11 a.m.13 views

WordPress ARMember Premium – Membership plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability

Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

9.8CVSS5.8AI score0.00419EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 9:7 a.m.10 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 8:50 a.m.12 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/02 6:30 p.m.28 views

CVE-2026-5073

CVE-2026-5073 affects WordPress ARMember Premium (all versions up to 7.3.1). The vulnerability is an unauthenticated SQL Injection via the order/orderby parameters in the AJAX action arm_directory_paging_action , caused by insufficient escaping and inadequate SQL query preparation in the function...

7.5CVSS5.9AI score0.01383EPSS
In wildExploits1References2
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.31 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS0.01383EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.9 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.14 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.30 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS0.00419EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.31 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS0.00308EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 6:30 p.m.28 views

CVE-2026-5076

CVE-2026-5076 concerns ARMember Premium for WordPress (

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.12 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.01383EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.9 views

CVE-2026-5074

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.12 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
Rows per page
Query Builder