82 matches found
WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
📄 WordPress ARMember Premium 7.3.1 Insecure Password Reset
WordPress ARMember Premium plugin versions 7.3.1 and below suffer from an insecure password reset mechanism that allows for administrative account takeover. ☠️ CVE-2026-5076 ARMember Premium --- 📋 Informasi Kerentanan | Item | Detail | |---|---| | CVE ID | CVE-2026-5076 | | Plugin | ARMember –...
CVE-2026-5076
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
EUVD-2026-34003
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
PT-2026-45846
Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.1 Description The ARMember Premium plugin for WordPress contains an insecure password reset mechanism. Recommendations Update to version 7.3.1...
WordPress plugin ARMember Premium SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-7649
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...
CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...
CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...
CVE-2026-7649
ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...
WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2022-47425
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10...
EUVD-2023-56873
Malicious code in bioql PyPI...
EUVD-2022-49915
Malicious code in bioql PyPI...
EUVD-2024-25169
Malicious code in bioql PyPI...
EUVD-2023-43703
Malicious code in bioql PyPI...
EUVD-2023-37486
Malicious code in bioql PyPI...
EUVD-2022-45948
Malicious code in bioql PyPI...
EUVD-2024-32693
Malicious code in bioql PyPI...
CVE-2024-27995
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restrictio...