Vulnerability Details CVE-2022-1903
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (including of administrator accounts) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.826
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
Products affected by CVE-2022-1903
- cpe:2.3:a:armemberplugin:armember:1.0
- cpe:2.3:a:armemberplugin:armember:1.1
- cpe:2.3:a:armemberplugin:armember:1.2
- cpe:2.3:a:armemberplugin:armember:1.3
- cpe:2.3:a:armemberplugin:armember:1.4
- cpe:2.3:a:armemberplugin:armember:1.5
- cpe:2.3:a:armemberplugin:armember:1.6
- cpe:2.3:a:armemberplugin:armember:1.7
- cpe:2.3:a:armemberplugin:armember:1.8
- cpe:2.3:a:armemberplugin:armember:1.9
- cpe:2.3:a:armemberplugin:armember:2.0
- cpe:2.3:a:armemberplugin:armember:2.1
- cpe:2.3:a:armemberplugin:armember:2.2
- cpe:2.3:a:armemberplugin:armember:2.3
- cpe:2.3:a:armemberplugin:armember:2.4
- cpe:2.3:a:armemberplugin:armember:2.5
- cpe:2.3:a:armemberplugin:armember:2.6
- cpe:2.3:a:armemberplugin:armember:2.7
- cpe:2.3:a:armemberplugin:armember:2.8
- cpe:2.3:a:armemberplugin:armember:2.8.1
- cpe:2.3:a:armemberplugin:armember:2.9
- cpe:2.3:a:armemberplugin:armember:3.0
- cpe:2.3:a:armemberplugin:armember:3.1
- cpe:2.3:a:armemberplugin:armember:3.2
- cpe:2.3:a:armemberplugin:armember:3.3
- cpe:2.3:a:armemberplugin:armember:3.4
- cpe:2.3:a:armemberplugin:armember:3.4.1
- cpe:2.3:a:armemberplugin:armember:3.4.2
- cpe:2.3:a:armemberplugin:armember:3.4.3
- cpe:2.3:a:armemberplugin:armember:3.4.4
- cpe:2.3:a:armemberplugin:armember:3.4.5
- cpe:2.3:a:armemberplugin:armember:3.4.6
- cpe:2.3:a:armemberplugin:armember:3.4.7