4 matches found
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover, including of administrator accounts, due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...
CVE-2024-27995
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMember – Membership Plugin, Content Restrictio...
CVE-2024-27995
CVE-2024-27995 (ARMember): The vulnerability is an authenticated (Administrator+) stored cross-site scripting flaw in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. The issue arises from improper neutralization of input during web...
CVE-2022-46808
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11...