ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Software Type	Plugin
Software Slug	armember-membership (view on wordpress.org)
Software Status	Active
Software Author	reputeinfosystems
Software Website	www.armemberplugin.com
Software Downloads	309,660
Software Active Installs	9,000
Software Record Last Updated	December 20, 2024

Showing 1-20 of 21 Vulnerabilities

Submit a Vulnerability

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

6.3

CVE-2024-10681

Dec 5, 2024

Researcher: Arkadiusz Hydzik

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVE-2024-7703

Aug 16, 2024

Researcher: wesley (wcraft)

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect

6.1

CVE-2024-4133

Apr 29, 2024

Researcher: Krzysztof Zając

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.28 - Missing Authorization

5.3

CVE-2024-32948

Apr 22, 2024

Researcher: Kursat Cetin

ARMember <= 4.0.27 - Directory Traversal via X-FILENAME

5.3

CVE ID Unknown

Apr 4, 2024

Researcher: Lucio Sá

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection

8.8

CVE-2024-30222

Mar 26, 2024

Researcher: LVT-tholv2k

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection

9.8

CVE-2024-30223

Mar 26, 2024

Researcher: LVT-tholv2k

ARMember <= 4.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-27995

Mar 15, 2024

Researcher: Van Lyubov

ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API

5.3

CVE-2024-0969

Feb 1, 2024

Researcher: Francesco Carlucci

ARMember <= 4.0.22 - Cross-Site Request Forgery

6.3

CVE-2023-52200

Jan 11, 2024

Researcher: Rafie Muhammad

ARMember <= 4.0.10 - Authenticated(Subscriber+) Privilege Escalation

8.8

CVE-2023-51356

Dec 26, 2023

Researcher: Revan Arifio

ARMember <= 4.0.10 - Authenticated (Subscriber+) Membership Plan Bypass

4.3

CVE-2023-47837

Nov 16, 2023

Researcher: Revan Arifio

ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-3996

Jul 14, 2023

Researcher: Marco Wotschka

ARMember <= 4.0.5 - Cross-Site Request Forgery

4.3

CVE-2022-47424

Jul 10, 2023

Researcher: Cat

ARMember <= 4.0.5 - Cross-Site Request Forgery

6.5

CVE-2023-3011

Jul 5, 2023

Researcher: Alex Thomas

ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2022-47421

Jun 27, 2023

Researcher: Cat

ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-33323

Jun 13, 2023

Researcher: emad

ARMember <= 4.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-47140

Apr 19, 2023

Researcher: TEAM WEBoB of BoB 11th

ARMember <= 3.4.11 - Unauthenticated SQL Injection

9.8

CVE-2022-46808

Mar 27, 2023

Researcher: Le Ngoc Anh

ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure

4.3

CVE-2022-47425

Jan 20, 2023

Researcher: Cat

Title	Status	CVE ID	CVSS	Researchers	Date
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	Patched	CVE-2024-10681	6.3	Arkadiusz Hydzik	December 5, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload	Patched	CVE-2024-7703	6.4	wesley (wcraft)	August 16, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect	Patched	CVE-2024-4133	6.1	Krzysztof Zając	April 29, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.28 - Missing Authorization	Patched	CVE-2024-32948	5.3	Kursat Cetin	April 22, 2024
ARMember <= 4.0.27 - Directory Traversal via X-FILENAME	Patched		5.3	Lucio Sá	April 4, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection	Patched	CVE-2024-30222	8.8	LVT-tholv2k	March 26, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection	Patched	CVE-2024-30223	9.8	LVT-tholv2k	March 26, 2024
ARMember <= 4.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2024-27995	4.4	Van Lyubov	March 15, 2024
ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API	Patched	CVE-2024-0969	5.3	Francesco Carlucci	February 1, 2024
ARMember <= 4.0.22 - Cross-Site Request Forgery	Patched	CVE-2023-52200	6.3	Rafie Muhammad	January 11, 2024
ARMember <= 4.0.10 - Authenticated(Subscriber+) Privilege Escalation	Patched	CVE-2023-51356	8.8	Revan Arifio	December 26, 2023
ARMember <= 4.0.10 - Authenticated (Subscriber+) Membership Plan Bypass	Patched	CVE-2023-47837	4.3	Revan Arifio	November 16, 2023
ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2023-3996	4.4	Marco Wotschka	July 14, 2023
ARMember <= 4.0.5 - Cross-Site Request Forgery	Patched	CVE-2022-47424	4.3	Cat	July 10, 2023
ARMember <= 4.0.5 - Cross-Site Request Forgery	Patched	CVE-2023-3011	6.5	Alex Thomas	July 5, 2023
ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2022-47421	4.4	Cat	June 27, 2023
ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2023-33323	4.4	emad	June 13, 2023
ARMember <= 4.0 - Reflected Cross-Site Scripting	Patched	CVE-2022-47140	6.1	TEAM WEBoB of BoB 11th	April 19, 2023
ARMember <= 3.4.11 - Unauthenticated SQL Injection	Patched	CVE-2022-46808	9.8	Le Ngoc Anh	March 27, 2023
ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure	Patched	CVE-2022-47425	4.3	Cat	January 20, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation