ARMember < 4.0.11 – Subscriber+ Privilege Escalation | CVE 2023-51356

Affects Plugins

Fixed in 4.0.11

References

CVE

CVE-2023-51356

URL

https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-privilege-escalation-vulnerability

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-269

CVSS

8.8 (high)

Miscellaneous

Original Researcher

Revan Arifio

Verified

No

WPVDB ID

60dcc157-5d5c-47bc-97e7-bca8b274c776

Timeline

Publicly Published

2023-12-26 (about 2 years ago)

Added

2024-01-05 (about 2 years ago)

Last Updated

2024-01-05 (about 2 years ago)

Other

Published

Title

Published

2024-12-17

Title

WPLMS < 1.9.9.1 - Unauthenticated Privilege Escalation

Published

2025-02-11

Title

Real Estate 7 WordPress < 3.5.2 - Unauthenticated Privilege Escalation

Published

2025-10-02

Title

Appy Pie Connect for WooCommerce <= 1.1.2 - Unauthenticated Privilege Escalation

Published

2024-12-20

Title

AdForest < 5.1.7 - Privilege Escalation via Password Reset/Account Takeover

Published

2022-10-10

Title

Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation