wpvulndb
WPVDB-ID:C35E7A19-3D15-4A1C-93AD-C2A0975AA82B
Jul 05, 2023 - 12:00 a.m.

ARMember < 4.0.6 - ARMember Cross-Site Request Forgery

2023-07-05 00:00:00
wpscan.com
armember
cross-site request forgery
nonce validation
unauthenticated users
site administrator

EPSS: 0.003 (Percentile: 68.4%)

The plugin does not properly validate nonces in the arm_check_user_cap function, leading to a potential Cross-Site Request Forgery vulnerability. As a result, unauthenticated users can carry out actions without appropriate permissions, provided they manage to mislead a site administrator into clicking on a manipulated link.
