CVE-2023-47837
- EPSS 0.25%
- Published 04.06.2024 10:15:12
- Last modified 29.05.2025 20:37:47
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
CVE-2023-3996
- EPSS 0.18%
- Published 20.10.2023 08:15:12
- Last modified 21.11.2024 08:18:29
The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authen...
CVE-2022-47421
- EPSS 0.05%
- Published 18.07.2023 15:15:11
- Last modified 21.11.2024 07:31:55
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.
CVE-2023-3011
- EPSS 0.07%
- Published 12.07.2023 05:15:09
- Last modified 21.11.2024 08:16:14
The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated...
CVE-2022-42888
- EPSS 0.12%
- Published 06.12.2022 21:15:10
- Last modified 21.11.2024 07:25:31
Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.
CVE-2022-1903
- EPSS 82.65%
- Published 27.06.2022 09:15:10
- Last modified 21.11.2024 06:41:43
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrar...