WordPress Plugin Vulnerabilities
ARMember < 4.0.6 - ARMember Cross-Site Request Forgery
Description
The plugin does not properly validate nonces in the arm_check_user_cap function, leading to a potential Cross-Site Request Forgery vulnerability. As a result, unauthenticated users can carry out actions without appropriate permissions, provided they manage to mislead a site administrator into clicking on a manipulated link.
Affects Plugins
Fixed in 4.0.6 References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Alex Thomas
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-07-05 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)
WPScan 