Lucene search
WpvulndbWPVDB-ID:B9BC3F12-4402-4F2F-8B13-9980DC644DA8HistoryJun 11, 2024 - 12:00 a.m.
ARMember < 4.0.28 - Directory Traversal via X-FILENAME
2024-06-1100:00:00
wpscan.com
1
armember plugin
wordpress
directory traversal
7.1 High
AI Score
Confidence
Low
Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the βX-FILENAMEβ HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the βwp-content/uploads/armemberβ directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 4.0.28 |
7.1 High
AI Score
Confidence
Low