13 matches found
Member Hero <=1.0.9 - Remote Code Execution
WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...
CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
VulnCheck KEV: CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
WordPress Member Hero plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
Authorization
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
CVE-2022-0885
Affected software/variant: WordPress Member Hero plugin versions 1.0.0–1.0.9. Vulnerability: unauthenticated remote code execution via an AJAX parameter; plugin lacks authorization checks and does not validate the parameter, enabling calls to arbitrary PHP functions with no arguments. Impact: ...
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
PT-2022-13501 · WordPress · Member Hero
Name of the Vulnerable Software and Affected Versions: Member Hero WordPress plugin versions 1.0.0 through 1.0.9 Description: The issue lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with n...
WordPress plugin Member Hero code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress Member Hero plugin <= 1.0.9 - Unauthenticated Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution (RCE) vulnerability discovered by Harald Eilertsen in WordPress Member Hero plugin versions <= 1.0.9. Solution: Deactivate and delete. This plugin has been closed as of March 23, 2022 and is not available for download. This closure is temporary, pending a full...
Member Hero <= 1.0.9 - Unauthenticated RCE
The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...
Member Hero <= 1.0.9 - Unauthenticated RCE
The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. PoC curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...