ARMember 漏洞列表

共找到 2 个与 ARMember 相关的漏洞

📅 加载漏洞趋势中...

CVE-2022-1903: ARMember < 3.4.8 - Unauthenticated Admin Account Takeover POC

日期: 2025-08-01 | 影响软件: ARMember

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username.
CVE-2022-1903: ARMember < 3.4.8 - Unauthenticated Admin Account Takeover POC

日期: 2025-08-01 | 影响软件: ARMember

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username.