Armember Security Vulnerabilities and Issues — Armember CVE List

Lucene search

ArmemberpluginArmember

3 matches found

CVE•added 2022/06/27 9:15 a.m.•84 views

CVE-2022-1903

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username

8.1CVSS8.2AI score0.82646EPSS

CVE•added 2023/07/12 5:15 a.m.•23 views

CVE-2023-3011

The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized actio...

8.8CVSS8.2AI score0.00219EPSS

CVE•added 2024/06/04 10:15 a.m.•17 views

CVE-2023-47837

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.

8.8CVSS8.4AI score0.00248EPSS