WordPress Plugin Vulnerabilities

Member Hero <= 1.0.9 - Unauthenticated RCE

Description

The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

Proof of Concept

Affects Plugins

Plugin icon
member-hero
No known fix

References

CVE
CVE-2022-0885

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.0 (critical)

Miscellaneous

Original Researcher
Harald Eilertsen
Submitter
Harald Eilertsen
Submitter website
https://jetpack.com
Verified
Yes
WPVDB ID
8b08b72e-5584-4f25-ab73-5ab0f47412df

Timeline

Publicly Published
2022-05-18 (about 3 years ago)
Added
2022-05-18 (about 3 years ago)
Last Updated
2023-02-08 (about 2 years ago)

Other

Published
Title
Published
2025-02-03
Title
Uix Shortcodes < 2.0.4 - Unauthenticated Arbitrary Shortcode Execution
Published
2024-06-20
Title
WishList Member X < 3.26.7 - Subscriber+ Remote Code Execution
Published
2014-08-01
Title
Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation
Published
2024-09-09
Title
Affiliate Super Assistent < 1.5.4 - Unauthenticated Arbitrary Shortcode Execution
Published
2024-08-12
Title
JS Help Desk – The Ultimate Help Desk & Support Plugin < 2.8.7 - Unauthenticated PHP Code Injection to Remote Code Execution