Vulnerability Details CVE-2022-1903
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username
Exploit prediction scoring system (EPSS) score
EPSS Score 0.085
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
Products affected by CVE-2022-1903
-
cpe:2.3:a:armemberplugin:armember:1.0
-
cpe:2.3:a:armemberplugin:armember:1.1
-
cpe:2.3:a:armemberplugin:armember:1.2
-
cpe:2.3:a:armemberplugin:armember:1.3
-
cpe:2.3:a:armemberplugin:armember:1.4
-
cpe:2.3:a:armemberplugin:armember:1.5
-
cpe:2.3:a:armemberplugin:armember:1.6
-
cpe:2.3:a:armemberplugin:armember:1.7
-
cpe:2.3:a:armemberplugin:armember:1.8
-
cpe:2.3:a:armemberplugin:armember:1.9
-
cpe:2.3:a:armemberplugin:armember:2.0
-
cpe:2.3:a:armemberplugin:armember:2.1
-
cpe:2.3:a:armemberplugin:armember:2.2
-
cpe:2.3:a:armemberplugin:armember:2.3
-
cpe:2.3:a:armemberplugin:armember:2.4
-
cpe:2.3:a:armemberplugin:armember:2.5
-
cpe:2.3:a:armemberplugin:armember:2.6
-
cpe:2.3:a:armemberplugin:armember:2.7
-
cpe:2.3:a:armemberplugin:armember:2.8
-
cpe:2.3:a:armemberplugin:armember:2.8.1
-
cpe:2.3:a:armemberplugin:armember:2.9
-
cpe:2.3:a:armemberplugin:armember:3.0
-
cpe:2.3:a:armemberplugin:armember:3.1
-
cpe:2.3:a:armemberplugin:armember:3.2
-
cpe:2.3:a:armemberplugin:armember:3.3
-
cpe:2.3:a:armemberplugin:armember:3.4
-
cpe:2.3:a:armemberplugin:armember:3.4.1
-
cpe:2.3:a:armemberplugin:armember:3.4.2
-
cpe:2.3:a:armemberplugin:armember:3.4.3
-
cpe:2.3:a:armemberplugin:armember:3.4.4
-
cpe:2.3:a:armemberplugin:armember:3.4.5
-
cpe:2.3:a:armemberplugin:armember:3.4.6
-
cpe:2.3:a:armemberplugin:armember:3.4.7