Access Control Misconfiguration in ARMember by Repute Infosystems
CVE-2022-47425

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Armember
Vendor: CVE Published:; 9 December 2025

What is CVE-2022-47425?

The ARMember plugin by Repute Infosystems has a Missing Authorization vulnerability that arises from incorrectly configured access control security levels. This misconfiguration allows unauthorized access to restricted content by exploiting weaknesses in user authentication mechanisms. These vulnerabilities can compromise user data and allow attackers to manipulate membership roles, making it critical for users to apply security updates and follow best practices for configuration.

Affected Version(s)

ARMember <= 3.4.10

References

https://vdp.patchstack.com/database/wordpress/plugin/arme...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 15, 2022

Credit

Cat (Patchstack Bug Bounty Program)

JSON