4 matches found
CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
VulnCheck KEV: CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
CVE-2022-0885
Affected software/variant : WordPress Member Hero plugin versions 1.0.0–1.0.9. Vulnerability : unauthenticated remote code execution via an AJAX parameter; plugin lacks authorization checks and does not validate the parameter, enabling calls to arbitrary PHP functions with no arguments. Impact : ...