Insecure Password Reset Mechanism in ARMember Premium Plugin for WordPress
CVE-2026-5076

9.8 CRITICAL

What is CVE-2026-5076?

The ARMember Premium plugin for WordPress contains an insecure password reset mechanism in all versions up to and including 7.3.1. When a user requests a password reset, the plugin unintentionally stores the plaintext password reset key in the arm_reset_password_key user meta field. This undermines the protection WordPress normally provides by keeping only a hashed copy of the key in wp_users.user_activation_key: the hash protects nothing while the plaintext key sits in wp_usermeta. An unauthenticated attacker who can read that meta value, for example by chaining a SQL Injection vulnerability with the insecure reset feature, could extract the plaintext reset key and take over user accounts, potentially including those with administrative privileges.
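As an added illustration (not the ARMember plugin's code; every function whose name begins with example_ is hypothetical), the following PHP contrasts the weak pattern the advisory describes with the WordPress core reset flow, which never persists the raw key, and ends with a helper a site operator could run to find and purge any plaintext keys left under the arm_reset_password_key meta key:

```php
<?php
// Added example for this advisory, not code from the ARMember plugin.
// Only WordPress core functions are used; the example_* wrappers are hypothetical.

// WEAK PATTERN (the defect class the advisory describes): core already hashes and
// stores the key in wp_users.user_activation_key, but the plugin-side code also
// mirrors the raw key into wp_usermeta. Any read access to that table (for example
// through a separate SQL injection) then yields a directly usable reset key.
function example_weak_issue_reset_key( WP_User $user ) {
    $key = get_password_reset_key( $user ); // string on success, WP_Error on failure
    if ( is_wp_error( $key ) ) {
        return $key;
    }
    update_user_meta( $user->ID, 'arm_reset_password_key', $key ); // plaintext copy: the defect
    return $key;
}

// HARDENED PATTERN: rely on core alone. The raw key leaves the server exactly once,
// inside the e-mail, and nothing stored in the database can be replayed as a key.
function example_hardened_issue_reset_key( WP_User $user ) {
    $key = get_password_reset_key( $user );
    if ( is_wp_error( $key ) ) {
        return $key;
    }
    $link = add_query_arg(
        array(
            'action' => 'rp',
            'key'    => $key,
            'login'  => rawurlencode( $user->user_login ),
        ),
        wp_login_url()
    );
    wp_mail( $user->user_email, 'Password reset', "Reset link: $link" );
    return true;
}

// Verification on the reset form: let core compare the submitted key against the
// stored hash; it returns the WP_User on success or a WP_Error on mismatch/expiry.
function example_hardened_verify_reset_key( $key, $login ) {
    $user = check_password_reset_key( $key, $login );
    return is_wp_error( $user ) ? null : $user;
}

// Operator check and cleanup: count users that still carry a plaintext key under
// the meta key named in the advisory, and optionally delete those rows site-wide.
function example_purge_plaintext_reset_keys( $dry_run = true ) {
    $affected = get_users( array(
        'meta_key'     => 'arm_reset_password_key',
        'meta_compare' => 'EXISTS',
        'fields'       => 'ID',
    ) );
    if ( ! $dry_run ) {
        // delete_all = true removes the meta key for every user in one call
        delete_metadata( 'user', 0, 'arm_reset_password_key', '', true );
    }
    return count( $affected ); // number of users that had a stored plaintext key
}
```

Run example_purge_plaintext_reset_keys() first with the default dry run to see how many accounts are affected, then with false after updating the plugin, so that keys issued before the fix cannot be reused; because core regenerates user_activation_key on every request, purging the meta rows does not break pending resets that go through the core flow.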

Affected Version(s)

ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: all versions up to and including 7.3.1 (0 <= version <= 7.3.1)

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phú