cleantalk
Vulnerabilities and Security Researches

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup, CVE-2022-47424

CVE, Research URL

CVE-2022-47424

Home page URL

Security reports for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Application

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Published on
-
Research Description
The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.0.5.
Status
vulnerable
Previous vulnerability researches
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2023-3011) , Jun 06, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2023-51356) , Jun 06, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2023-52200) , Jun 06, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2022-1903) , Jun 06, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2023-33323) , Jun 06, 2024
New vulnerability
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2026-4100) , May 04, 2026
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2026-7649) , May 04, 2026
FundPress – WordPress Donation Plugin (CVE-2026-4650) , May 04, 2026
Import and export users and customers (CVE-2026-7641) , May 04, 2026
NextMove Lite – Thank You Page for WooCommerce (CVE-2026-0703) , May 04, 2026