CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

CWE 2 Total

Learn more

CWE-862 Missing Authorization
CWE-94 Improper Control of Generation of Code ('Code Injection')

Product Status

Learn more

Versions 1 Total

Default Status: affected

affected

Credits

Harald Eilertsen finder
WPScan coordinator

References 1 Total

https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df
external site
exploitvdb-entrytechnical-description

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df
external site
exploitvdb-entrytechnical-descriptionx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: WPScan

Description

CWE 2 Total

Product Status

Credits

References 1 Total

CVE Program

References 1 Total