Deserialization of Untrusted Data Vulnerability Affects ARMember
CVE-2024-30223

9CRITICAL

Key Information:

Vendor: WordPress
Status: Armember
Vendor: CVE Published:; 28 March 2024

Summary

A vulnerability exists in the ARMember plugin by Repute Infosystems, stemming from improper deserialization of untrusted data. This flaw may allow unauthorized users to exploit the affected versions of the plugin, potentially leading to various security implications such as PHP object injection. As a result, user data integrity can be compromised, requiring immediate attention and remediation for those utilizing the ARMember plugin.

Affected Version(s)

ARMember <= 4.0.26

References

https://patchstack.com/database/vulnerability/armember-me...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 26, 2024

Credit

LVT-tholv2k (Patchstack Alliance)