Lucene search
K

86 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-43703

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32693

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00526EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-37486

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.6 views

CVE-2024-27995

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restrictio...

5.9CVSS8.6AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.12 views

CVE-2024-7703

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS5.8AI score0.01142EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:56 a.m.6 views

CVE-2024-4133

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirectto parameter. This...

6.1CVSS6.8AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.5 views

CVE-2023-33323

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARMember plugin = 4.0.2 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:59 a.m.10 views

CVE-2023-3011

The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the armcheckusercap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized action...

8.8CVSS6.4AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.11 views

CVE-2022-47421

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARMember free, Repute InfoSystems ARMember premium plugins...

5.9CVSS5.5AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.11 views

CVE-2022-1903

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username...

8.1CVSS7.1AI score0.0852EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 12:7 a.m.10 views

CVE-2022-47140

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARMember plugin = 4.0.1 versions...

7.1CVSS5.8AI score0.00382EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 6:59 a.m.6 views

CVE-2024-32948

Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28...

9.1CVSS5.1AI score0.00568EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/06 9:23 a.m.15 views

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

6.3CVSS0.00358EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/06 9:23 a.m.8 views

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

6.3CVSS7.3AI score0.00358EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 9:23 a.m.56 views

CVE-2024-10681

CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...

6.3CVSS6.5AI score0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/19 5:21 p.m.24 views

CVE-2022-47424 WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...

5.4CVSS0.00185EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/08/17 2:44 p.m.100 views

Exploit for CVE-2024-7703

CVE-2024-7703 markdown CVE-2024-7703 Exploit: Stored Cros...

6.4CVSS8AI score0.01142EPSS
Exploits1
CVE
CVE
added 2024/08/17 11:15 a.m.54 views

CVE-2024-7703

ARMember – Membership Plugin for WordPress contains a Stored XSS via SVG uploads in all versions up to 4.0.37, exploitable by authenticated users with Subscriber+ privileges; pages loaded from the SVG can execute scripts on access. Red Hat and Wordfence references confirm the issue and note patch...

6.4CVSS5.8AI score0.01142EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.11 views

PT-2024-38523 · Armember · Armember

Name of the Vulnerable Software and Affected Versions: The ARMember – Membership Plugin versions up to, and including, 4.0.37 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.9AI score0.01142EPSS
Exploits1References9
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.7 views

ARMember < 4.0.28 - Directory Traversal via X-FILENAME

Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

7.1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder