Security Advisory

CVE-2022-1903

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-27 08:58:19

Last updated 2024-08-03 00:17:00

Assigner WPScan

State PUBLISHED

Description

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username

← Browse all CVEs View on cve.org ↗