CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0969 – ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API
https://notcve.org/view.php?id=CVE-2024-0969
01 Feb 2024 — The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content. El complemento ARMember para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.0.21 incluida, a través de la API REST. Esto hace posible que atacantes no autenticados omitan l... • https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52200 – WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-52200
08 Jan 2024 — Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. Cross-Site Request Forgery (CSRF), vulnerabilidad de deserialización de datos no confiables en Repute Infosystems ARMember: complemento de membresía, restricción de contenido, niveles de miembros,... • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39994 – WordPress ARMember Premium plugin <= 5.9.2 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-39994
11 Aug 2023 — Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. The ARMember Premium plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 5.9.2. This makes it possible for authenticated attackers, with subscriber-level access... • https://patchstack.com/database/wordpress/plugin/armember/vulnerability/wordpress-armember-premium-wordpress-membership-plugin-plugin-5-9-2-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3996 – ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-3996
14 Jul 2023 — The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been d... • https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3011 – ARMember <= 4.0.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-3011
05 Jul 2023 — The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2932691/armember-membership/trunk/autoload.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47421 – WordPress ARMember (free) and ARMember (premium) plugins - vulnerable to Auth. Stored Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-47421
27 Jun 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins. The ARMember plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an in... • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-4-stored-cross-site-scripting-xss-on-common-messages-settings?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33323 – WordPress ARMember Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33323
13 Jun 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions. The ARMember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected pag... • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47140 – WordPress ARMember Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-47140
19 Apr 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions. The ARMember plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unauth. • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46808 – WordPress ARMember Plugin <= 3.4.11 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-46808
27 Mar 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en Repute Infosystems ARMember armember-membership permite la inyección SQL. Este problema afecta a ARMember: desde n/a hasta 3.4.11. The ARMember plugin for WordPress is ... • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-3-4-11-sql-injection?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42888 – WordPress ARMember Plugin <= 5.5.1 is vulnerable to Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-42888
01 Dec 2022 — Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. Vulnerabilidad de escalada de privilegios no autorizada en el complemento ARMember premium en versiones <= 5.5.1 en WordPress. The ARMember Premium plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 5.5.1. This makes it possible for unauthenticated attackers to elevate their own privileges with the potential to take over a site. • https://patchstack.com/database/vulnerability/armember/wordpress-armember-premium-plugin-5-5-1-unauth-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •