2 vulnerabilities found for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup by Unknown
CVE-2022-1903 (GCVE-0-2022-1903)
Vulnerability from cvelistv5 – Published: 2022-06-27 08:58 – Updated: 2024-08-03 00:17
Title
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
Summary
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover, including of administrator accounts. An AJAX action available to unauthenticated users lacks nonce and authorization checks, so anyone who knows a username can change that user's password. Sites running a version before 3.4.8 should update to 3.4.8 or later.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08 | x_refsource_MISC |
Impacted products
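| Vendor | Product | Version |
|---|---|---|
| Unknown | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Affected: versions before 3.4.8 (version type: custom). The record encodes this as version 3.4.8 with lessThan 3.4.8; read together with the summary, that means releases earlier than 3.4.8. |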
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile \u0026 User signup",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.8",
"status": "affected",
"version": "3.4.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:58:19",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ARMember \u003c 3.4.8 - Unauthenticated Admin Account Takeover",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1903",
"STATE": "PUBLIC",
"TITLE": "ARMember \u003c 3.4.8 - Unauthenticated Admin Account Takeover"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile \u0026 User signup",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.4.8",
"version_value": "3.4.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1903",
"datePublished": "2022-06-27T08:58:19",
"dateReserved": "2022-05-27T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1903 (GCVE-0-2022-1903)
Vulnerability from nvd – Published: 2022-06-27 08:58 – Updated: 2024-08-03 00:17
Title
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
Summary
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover, including of administrator accounts. An AJAX action available to unauthenticated users lacks nonce and authorization checks, so anyone who knows a username can change that user's password. Sites running a version before 3.4.8 should update to 3.4.8 or later.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08 | x_refsource_MISC |
Impacted products
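| Vendor | Product | Version |
|---|---|---|
| Unknown | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Affected: versions before 3.4.8 (version type: custom). The record encodes this as version 3.4.8 with lessThan 3.4.8; read together with the summary, that means releases earlier than 3.4.8. |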
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile \u0026 User signup",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.8",
"status": "affected",
"version": "3.4.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:58:19",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ARMember \u003c 3.4.8 - Unauthenticated Admin Account Takeover",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1903",
"STATE": "PUBLIC",
"TITLE": "ARMember \u003c 3.4.8 - Unauthenticated Admin Account Takeover"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile \u0026 User signup",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.4.8",
"version_value": "3.4.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1903",
"datePublished": "2022-06-27T08:58:19",
"dateReserved": "2022-05-27T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}