WordPress Plugin Vulnerabilities

ARMember < 5.6 - Unauthenticated Privilege Escalation

Description

The plugin could allow unauthenticated attackers to escalate themselves as admin

Affects Plugins

Plugin icon
armember
Fixed in 5.6

References

CVE
CVE-2022-42888

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
9afd1de1-3bae-4e57-9082-396141373e43

Timeline

Publicly Published
2022-12-01 (about 3 years ago)
Added
2022-12-06 (about 3 years ago)
Last Updated
2022-12-06 (about 3 years ago)

Other

Published
Title
Published
2026-02-18
Title
Toret Manager < 1.3.0 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions
Published
2024-07-10
Title
JSON API User < 3.9.4 - Unauthenticated Privilege Escalation
Published
2025-05-06
Title
Frontend Dashboard 1.0 - 2.2.6 - Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function
Published
2026-01-21
Title
LA-Studio Element Kit for Elementor < 1.6.0 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
Published
2025-11-06
Title
IDonate 2.1.5 - 2.1.9 - Subscriber+ Account Takeover/Privilege Escalation