Vulnerabilities and security researches forarmember-membership armember-membership

Direction: ascending

Jun 06, 2024

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-3011

CVE, Research URL: CVE-2023-3011
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jul 12, 2023
Research Description: The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 4.0.6.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-51356

CVE, Research URL: CVE-2023-51356
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
Affected versions: max 4.0.11.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-52200

CVE, Research URL: CVE-2023-52200
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jan 09, 2024
Research Description: Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.
Affected versions: max 4.0.23.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-1903

CVE, Research URL: CVE-2022-1903
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jun 27, 2022
Research Description: The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username
Affected versions: max 3.4.8.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-33323

CVE, Research URL: CVE-2023-33323
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jun 22, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.
Affected versions: max 4.0.3.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-3996

CVE, Research URL: CVE-2023-3996
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Oct 20, 2023
Research Description: The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 4.0.17.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-47837

CVE, Research URL: CVE-2023-47837
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jun 04, 2024
Research Description: Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
Affected versions: max 4.0.11.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-46808

CVE, Research URL: CVE-2022-46808
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Nov 03, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.
Affected versions: max 4.0.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47140

CVE, Research URL: CVE-2022-47140
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jun 12, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
Affected versions: max 4.0.2.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47421

CVE, Research URL: CVE-2022-47421
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Jul 18, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.
Affected versions: max 4.0.5.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-0969

CVE, Research URL: CVE-2024-0969
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Feb 06, 2024
Research Description: The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.
Affected versions: max 4.0.25.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-30223

CVE, Research URL: CVE-2024-30223
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Mar 28, 2024
Research Description: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
Affected versions: max 4.0.27.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-30222

CVE, Research URL: CVE-2024-30222
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Mar 28, 2024
Research Description: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
Affected versions: max 4.0.28.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-4133

CVE, Research URL: CVE-2024-4133
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: May 02, 2024
Research Description: The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Affected versions: max 4.0.31.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-27995

CVE, Research URL: CVE-2024-27995
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Mar 21, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23.
Affected versions: max 4.0.24.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-32948

CVE, Research URL: CVE-2024-32948
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Apr 24, 2024
Research Description: Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.
Affected versions: max 4.0.29.
Status: vulnerable

Jun 10, 2024

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47424

CVE, Research URL: CVE-2022-47424
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: -
Research Description: The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 4.0.5.
Status: vulnerable

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47425

CVE, Research URL: CVE-2022-47425
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Dec 09, 2025
Research Description: Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10.
Affected versions: max 3.4.11.
Status: vulnerable

Aug 18, 2024

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-7703

CVE, Research URL: CVE-2024-7703
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Aug 17, 2024
Research Description: The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions: max 4.0.38.
Status: vulnerable

Dec 07, 2024

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-10681

CVE, Research URL: CVE-2024-10681
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: Dec 06, 2024
Research Description: The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions: max 4.0.52.
Status: vulnerable

May 04, 2026

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2026-7649

CVE, Research URL: CVE-2026-7649
Home page URL: Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Application: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Date: May 02, 2026
Research Description: The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 4.0.60.
Status: vulnerable

Vulnerabilities and security researches forarmember-membership armember-membership

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2023-3011

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2023-51356

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2023-52200

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2022-1903

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2023-33323

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2023-3996

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2023-47837

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2022-46808

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2022-47140

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2022-47421

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-0969

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-30223

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-30222

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-4133

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-27995

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-32948

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2022-47424

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2022-47425

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-7703

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2024-10681

ARMember &#8211; Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User signup # CVE-2026-7649

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-3011

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-51356

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-52200

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-1903

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-33323

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-3996

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2023-47837

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-46808

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47140

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47421

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-0969

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-30223

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-30222

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-4133

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-27995

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-32948

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47424

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2022-47425

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-7703

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2024-10681

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup # CVE-2026-7649