Lucene search
K

46 matches found

Nuclei
Nuclei
added 6 hours ago14 views

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS6.1AI score0.01383EPSS
Exploits1References4
NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.37 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.20 views

CVE-2026-27060

CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (&lt;= 7.0). The root cause is PHP Object Injection in ARMember Premium

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-54971

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.15 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.14 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.7AI score0.00419EPSS
Exploits3References1
Patchstack
Patchstack
added 2026/06/04 9:11 a.m.14 views

WordPress ARMember Premium – Membership plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability

Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

9.8CVSS5.8AI score0.00419EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 9:7 a.m.11 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 8:50 a.m.13 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.10 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.15 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.35 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS0.01383EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 6:30 p.m.39 views

CVE-2026-5073

CVE-2026-5073 affects WordPress ARMember Premium (all versions up to 7.3.1). The vulnerability is an unauthenticated SQL Injection via the order/orderby parameters in the AJAX action arm_directory_paging_action , caused by insufficient escaping and inadequate SQL query preparation in the function...

7.5CVSS5.9AI score0.01383EPSS
In wildExploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.11 views

CVE-2026-5074

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.14 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.33 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS0.00419EPSS
Exploits3References2
CVE
CVE
added 2026/06/02 6:30 p.m.39 views

CVE-2026-5076

CVE-2026-5076 concerns ARMember Premium for WordPress (

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
CVE
CVE
added 2026/06/02 6:30 p.m.24 views

CVE-2026-5074

The CVE concerns the ARMember Premium WordPress plugin. A SQL Injection exists in the get_private_content_data AJAX action via the sSortDir_0 parameter, in all versions up to and including 7.3.1. The user-supplied value is concatenated into the ORDER BY clause without a whitelist, allowing authen...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References2
Rows per page
Query Builder