EUVD-2014-3779

Malware in sbrugna...

EUVD-2014-8775

Malware in sbrugna...

CVE-2014-3848

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...

CVE-2014-3842

Multiple cross-site scripting XSS vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 decrypt or 2 encrypt parameter...

CVE-2014-3849

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...

CVE-2014-8949

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...

CVE-2014-8948

Cross-site request forgery CSRF vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-89...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-89...

Code injection

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...

CVE-2014-8948

The CVE-2014-8948 entry concerns the WordPress iMember360 plugin, versions 3.8.012 through 3.9.001. The underlying issue is a Cross-site request forgery (CSRF) that allows remote attackers to hijack the authentication of administrators for requests sent with the i4w_trace parameter. The descripti...

CVE-2014-8949

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...

CVE-2014-8948

Cross-site request forgery CSRF vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-89...

WordPress iMember360 Plugin <= 3.9.001 - Code Execution

This vulnerability allows authenticated administrators to execute arbitrary commands via shell metacharacters in the "i4wtrace" parameter. Solution Update the plugin...

Wordpress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities

No description provided by source. ------------ BACKGROUND ------------ iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and...

CVE-2014-3848

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...

CVE-2014-3849

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...

Design/Logic Flaw

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...

Design/Logic Flaw

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...

CVE-2014-3848

CVE-2014-3848 affects the WordPress plugin iMember360 before version 3.9.001. The root cause is improper access restrictions that allow remote attackers to obtain database credentials through the i4w_dbinfo parameter. Reported impact is disclosure of database credentials; no exploitation details ...

CVE-2014-3848

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...