5 matches found
CVE-2022-1903
CVE-2022-1903 affects the ARMember WordPress plugin (versions before 3.4.8). The underlying issue is missing nonce and authorization checks in an AJAX action accessible to unauthenticated users, enabling an attacker to change the password of arbitrary usernames and take over accounts (potentially...
CVE-2023-3996
CVE-2023-3996 affects the WordPress plugin “ARMember Lite – Membership”. The vulnerability is a stored cross-site scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin settings. It requires authenticated attackers with administrator-level permissions (and above) to inject ...
CVE-2022-42888
ARMember premium plugin for WordPress (versions
CVE-2022-47421
CVE-2022-47421: Auth. (admin+) Stored Cross-Site Scripting in Repute InfoSystems ARMember (free) and ARMember (premium) WordPress plugins. Administrative users can inject stored XSS via input in ARMember settings/messages; impact per sources includes confidentiality/integrity exposure with potent...
CVE-2023-3011
CVE-2023-3011 affects the WordPress ARMember plugin (up to version 4.0.5). The vulnerability is a cross-site request forgery (CSRF) flaw caused by missing or incorrect nonce validation in the arm_check_user_cap function, enabling unauthenticated attackers to trigger unauthorized actions if a site administrat...