CVE-2026-5076
Published 2026-06-02
Priority: P260 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.42% (33.6th percentile)
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a password reset. This is in addition to the hashed key that WordPress core stores securely in `wp_users.user_activation_key`. The plaintext key stored in `wp_usermeta` can be used with the plugin's custom `armrp` reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-5073, CVE-2026-5074), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators.
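A defender's check for the leftover plaintext keys described above, as an added example that is not from the advisory or the plugin. It assumes MySQL/MariaDB and the default `wp_` table prefix (so the role meta key is `wp_capabilities`), and it never selects the key value itself.

```sql
-- Added example (not the plugin's code). Assumptions: MySQL/MariaDB,
-- default table prefix "wp_"; adjust table names and 'wp_capabilities'
-- if the site uses a different prefix.

-- 1. Inventory: which accounts currently have a plaintext reset key
--    sitting in wp_usermeta. Only the length is reported, so the key
--    does not end up in query logs or terminal scrollback.
SELECT
    u.ID,
    u.user_login,
    COALESCE(cap.meta_value LIKE '%"administrator"%', 0) AS is_admin,
    CHAR_LENGTH(k.meta_value)                            AS key_length,
    (u.user_activation_key <> '')                        AS core_reset_pending
FROM wp_usermeta AS k
JOIN wp_users    AS u
       ON u.ID = k.user_id
LEFT JOIN wp_usermeta AS cap
       ON cap.user_id = u.ID
      AND cap.meta_key = 'wp_capabilities'
WHERE k.meta_key   = 'arm_reset_password_key'
  AND k.meta_value <> ''
ORDER BY is_admin DESC, u.user_login;

-- 2. Cleanup: remove the stored plaintext copies. The hashed key that
--    WordPress core keeps in wp_users.user_activation_key is untouched.
START TRANSACTION;

DELETE FROM wp_usermeta
WHERE meta_key = 'arm_reset_password_key';

-- Number of plaintext keys removed by the DELETE above.
SELECT ROW_COUNT() AS plaintext_keys_removed;

COMMIT;
```

While a version up to and including 7.3.1 is installed, each new reset request stores the key again, so the inventory query is worth repeating after cleanup.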
VulDB
ARMember Premium Plugin up to 7.3.1 on WordPress Password Reset arm_reset_password_key improper authentication
vuldb·2026-06-03·CVSS 9.8
CVE-2026-5076 [CRITICAL] ARMember Premium Plugin up to 7.3.1 on WordPress Password Reset arm_reset_password_key improper authentication
A vulnerability described as critical has been identified in ARMember Premium Plugin up to 7.3.1 on WordPress. This impacts the function arm_reset_password_key of the component Password Reset Handler. The manipulation results in improper authentication.
This vulnerability was named CVE-2026-5076. The attack may be performed remotely. There is no available exploit.
GHSA
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1.
ghsa_unreviewed·2026-06-02·CVSS 7.5
CVE-2026-5076 [HIGH] CWE-287 The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.