CVE-2023-47837
- EPSS 0.25%
- Veröffentlicht 04.06.2024 10:15:12
- Zuletzt bearbeitet 29.05.2025 20:37:47
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
CVE-2023-3996
- EPSS 0.18%
- Veröffentlicht 20.10.2023 08:15:12
- Zuletzt bearbeitet 21.11.2024 08:18:29
The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authen...
CVE-2022-47421
- EPSS 0.05%
- Veröffentlicht 18.07.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 07:31:55
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.
CVE-2023-3011
- EPSS 0.07%
- Veröffentlicht 12.07.2023 05:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:14
The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated...
CVE-2022-42888
- EPSS 0.12%
- Veröffentlicht 06.12.2022 21:15:10
- Zuletzt bearbeitet 21.11.2024 07:25:31
Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.
CVE-2022-1903
- EPSS 82.65%
- Veröffentlicht 27.06.2022 09:15:10
- Zuletzt bearbeitet 21.11.2024 06:41:43
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrar...