Security Advisory

CVE-2022-0885

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-13 12:41:39

Last updated 2024-08-02 23:47:41

Assigner WPScan

State PUBLISHED

Description

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

← Browse all CVEs View on cve.org ↗