cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10681,https://securityvulnerability.io/vulnerability/CVE-2024-10681,Unsafe Shortcode Execution Vulnerability,"The ARMember – Membership Plugin for WordPress has a significant vulnerability that allows malicious actors to execute arbitrary shortcodes. This issue arises from the plugin's failure to properly validate input values before processing the do_shortcode function. As a result, authenticated attackers with subscriber-level access or higher can exploit this flaw, potentially leading to unauthorized actions within the website. It's crucial for users of ARMember to address this vulnerability promptly to safeguard their sites against possible manipulation and misuse.",Wordpress,"Armember – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup",6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-12-06T09:23:00.490Z,0
CVE-2024-7703,https://securityvulnerability.io/vulnerability/CVE-2024-7703,Stored Cross-Site Scripting Vulnerability in ARMember Membership Plugin,"The ARMember Membership Plugin for WordPress has a vulnerability that enables stored cross-site scripting through improperly handled SVG file uploads. This issue arises from inadequate input sanitization and output escaping mechanisms, allowing authenticated users with Subscriber-level access or higher to inject malicious web scripts. When these SVG files are accessed by other users, the embedded scripts are executed in their browsers, potentially leading to unauthorized actions or data exposure. It is crucial for users of affected versions to apply security updates and review their configurations to mitigate this risk.",Wordpress,"Armember – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup",6.4,MEDIUM,0.0006799999973736703,false,,false,false,true,true,false,false,2024-08-17T11:15:02.207Z,0
CVE-2024-5596,https://securityvulnerability.io/vulnerability/CVE-2024-5596,Cross-Site Request Forgery Vulnerability in ARMember Premium Plugin for WordPress,"The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta and plugin options which can lead to limited privilege escalation.",Wordpress,"Armember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-22T05:47:55.999Z,0
CVE-2024-4133,https://securityvulnerability.io/vulnerability/CVE-2024-4133,Open Redirect Vulnerability in ARMember Membership Plugin for WordPress,"The ARMember – Membership Plugin for WordPress is susceptible to an Open Redirect vulnerability due to inadequate validation of the redirect URL provided through the redirect_to parameter. This flaw allows unauthenticated attackers to manipulate users into being redirected to potentially harmful websites, provided they can deceive users into performing specific actions. This presents a significant security concern, as it could lead to phishing attacks or the spread of malicious content.",Wordpress,"Armember – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:17.860Z,0
CVE-2024-0969,https://securityvulnerability.io/vulnerability/CVE-2024-0969,Sensitive Information Exposure Vulnerability in ARMember Plugin for WordPress,"The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's ""Default Restriction"" feature and view restricted post content.",Wordpress,"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup",5.3,MEDIUM,0.0007699999841861427,false,,false,false,false,,false,false,2024-02-05T21:22:05.137Z,0
CVE-2023-3996,https://securityvulnerability.io/vulnerability/CVE-2023-3996,Stored Cross-Site Scripting Vulnerability in ARMember Lite Membership Plugin for WordPress,"The ARMember Lite Membership Plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting (XSS) through improper input sanitization and output escaping in the admin settings. This flaw affects versions up to and including 4.0.14, and may allow authenticated attackers with administrator-level permissions to inject malicious scripts into pages. The risk is amplified in multi-site installations and in setups where the 'unfiltered_html' capability is disabled, leading to potential exploitation when authorized users access compromised pages.",Wordpress,"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup",4.8,MEDIUM,0.0007099999929778278,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-3011,https://securityvulnerability.io/vulnerability/CVE-2023-3011,Cross-Site Request Forgery Vulnerability in ARMember Plugin for WordPress,"The ARMember plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation on the arm_check_user_cap function. This flaw allows unauthenticated attackers to execute unauthorized actions by deceiving a site administrator into clicking a malicious link, thereby potentially compromising the integrity of the site.",Wordpress,"Armember – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup",6.5,MEDIUM,0.001970000099390745,false,,false,false,false,,false,false,2023-07-12T05:15:00.000Z,0
CVE-2022-1903,https://securityvulnerability.io/vulnerability/CVE-2022-1903,ARMember < 3.4.8 - Unauthenticated Admin Account Takeover,"The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username",Wordpress,"Armember – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup",8.1,HIGH,0.5679900050163269,false,,false,false,true,true,false,false,2022-06-27T08:58:19.000Z,0