cbcvebase.

Reputeinfosystems Armember vulnerabilities

15 known vulnerabilities affecting reputeinfosystems/armember.

Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH6MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2022-46808P3CRITICALCVSS 9.8fixed in 4.02023-11-03
CVE-2022-46808 [CRITICAL] CWE-89 CVE-2022-46808: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.
nvd
CVE-2023-51356P3HIGHCVSS 8.8fixed in 4.0.112024-05-17
CVE-2023-51356 [HIGH] CWE-269 CVE-2023-51356: Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalati Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
nvd
CVE-2023-47837P3HIGHCVSS 8.8fixed in 4.0.112024-06-04
CVE-2023-47837 [HIGH] CWE-269 CVE-2023-47837: Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalati Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
nvd
CVE-2024-30223P3CRITICALCVSS 9.8fixed in 4.0.272024-03-28
CVE-2024-30223 [CRITICAL] CWE-502 CVE-2024-30223: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects AR Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
nvd
CVE-2023-52200P3CRITICALCVSS 9.8≤ 4.0.222024-01-08
CVE-2023-52200 [CRITICAL] CWE-352 CVE-2023-52200: Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosys Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.
nvd
CVE-2024-30222P3HIGHCVSS 8.8fixed in 4.0.272024-03-28
CVE-2024-30222 [HIGH] CWE-502 CVE-2024-30222: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects AR Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
nvd
CVE-2022-47425P3HIGHCVSS 8.8fixed in 3.4.112025-12-09
CVE-2022-47425 [HIGH] CWE-862 CVE-2022-47425: Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Con Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10.
nvd
CVE-2022-42888P3HIGHCVSS 8.8≥ n/a, ≤ 5.5.12022-12-06
CVE-2022-42888 [HIGH] CWE-269 CVE-2022-42888: Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.
nvd
CVE-2024-32948P3CRITICALCVSS 9.1fixed in 4.0.292024-04-24
CVE-2024-32948 [CRITICAL] CWE-862 CVE-2024-32948: Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.
nvd
CVE-2022-47424P3HIGHCVSS 8.8fixed in 4.0.6fixed in 6.7.12024-11-19
CVE-2022-47424 [HIGH] CWE-352 CVE-2022-47424: Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems A Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.
nvd
CVE-2024-0969P4MEDIUMCVSS 5.3≤ 4.0.242024-02-05
CVE-2024-0969 [MEDIUM] CWE-284 CVE-2024-0969: The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.
nvd
CVE-2024-27995P4MEDIUMCVSS 5.4fixed in 4.0.242024-03-21
CVE-2024-27995 [MEDIUM] CWE-79 CVE-2024-27995: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/
nvd
CVE-2022-47140P4MEDIUMCVSS 6.1≤ 4.0.12023-06-12
CVE-2022-47140 [MEDIUM] CWE-79 CVE-2022-47140: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
nvd
CVE-2023-39994P4MEDIUMCVSS 4.3fixed in 5.9.32025-01-02
CVE-2023-39994 [MEDIUM] CWE-862 CVE-2023-39994: Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorre Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2.
nvd
CVE-2023-33323P4MEDIUMCVSS 4.8≤ 4.0.22023-06-22
CVE-2023-33323 [MEDIUM] CWE-79 CVE-2023-33323: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.
nvd
Reputeinfosystems Armember vulnerabilities | cvebase