The Member Hero plugin version 1.0.9 is vulnerable to unauthenticated remote code execution due to lack of authorization checks and validation of request parameters, allowing arbitrary PHP function calls by unauthenticated users
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
Patchstack | WordPress Member Hero plugin <= 1.0.9 - Unauthenticated Remote Code Execution (RCE) vulnerability | 18 May 202200:00 | – | patchstack |
wpexploit | Member Hero <= 1.0.9 - Unauthenticated RCE | 18 May 202200:00 | – | wpexploit |
CVE | CVE-2022-0885 | 13 Jun 202213:15 | – | cve |
Cvelist | CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE | 13 Jun 202212:41 | – | cvelist |
Nuclei | Member Hero <=1.0.9 - Remote Code Execution | 20 Oct 202209:44 | – | nuclei |
CNVD | WordPress Member Hero plugin code injection vulnerability | 15 Jun 202200:00 | – | cnvd |
Prion | Authorization | 13 Jun 202213:15 | – | prion |
NVD | CVE-2022-0885 | 13 Jun 202213:15 | – | nvd |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo