GCVE - cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Reputeinfosystems (`49750278-e8bc-59c0-be32-c061c007e30f`)
Product	Armember (`525975d4-bcad-5117-be51-a0f77ab21df4`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-32948`	vulnerable	2026-06-08 06:37:24.760871	WordPress ARMember – Membership Plugin plugin <= 4.0.28 - Broken Access Control vulnerability CRITICAL (9.1) Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. Published: 2024-04-24T07:03:17.452Z Updated: 2026-04-28T16:09:41.971Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-membership-plugin-plugin-4-0-28-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-30223`	vulnerable	2026-06-08 06:35:29.278542	WordPress ARMember plugin <= 4.0.26 - Unauthenticated PHP Object Injection vulnerability CRITICAL (9) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. Published: 2024-03-28T05:04:13.840Z Updated: 2026-04-28T16:09:22.200Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-unauthenticated-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-30222`	vulnerable	2026-06-08 06:35:29.278093	WordPress ARMember plugin <= 4.0.26 - PHP Object Injection vulnerability HIGH (8.5) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. Published: 2024-03-28T05:05:42.156Z Updated: 2026-04-28T16:09:22.085Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-27995`	vulnerable	2026-06-08 06:33:25.289569	WordPress ARMember plugin <= 4.0.23 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23. Published: 2024-03-21T15:00:59.052Z Updated: 2026-04-28T16:09:15.350Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-0969`	vulnerable	2026-06-08 06:22:03.243839	ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API MEDIUM (5.3) The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content. Published: 2024-02-05T21:22:05.137Z Updated: 2026-04-08T17:31:00.154Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-52200`	vulnerable	2026-06-08 06:17:54.447367	WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection CRITICAL (9.6) Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. Published: 2024-01-08T19:18:44.234Z Updated: 2026-04-28T16:09:06.768Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-51356`	vulnerable	2026-06-08 06:16:17.356248	WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability HIGH (8.8) Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. Published: 2024-05-17T08:39:42.452Z Updated: 2026-04-28T16:09:00.503Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-privilege-escalation-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47837`	vulnerable	2026-06-08 06:14:25.816286	WordPress ARMember plugin <= 4.0.10 - Membership Plan Bypass vulnerability HIGH (8.3) Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. Published: 2024-06-04T10:10:14.075Z Updated: 2026-04-28T16:08:52.846Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-membership-plan-bypass-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33323`	vulnerable	2026-06-08 06:06:22.323671	WordPress ARMember Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) MEDIUM (5.9) Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions. Published: 2023-06-22T12:12:00.934Z Updated: 2026-04-28T16:08:25.226Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-47140`	vulnerable	2026-06-08 05:50:39.885187	WordPress ARMember Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS) HIGH (7.1) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions. Published: 2023-06-12T12:52:04.870Z Updated: 2026-04-28T16:07:56.146Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-cross-site-scripting-xss?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46808`	vulnerable	2026-06-08 05:50:39.477346	WordPress ARMember Plugin <= 3.4.11 is vulnerable to SQL Injection HIGH (8.2) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. Published: 2023-11-03T12:36:47.083Z Updated: 2026-04-28T16:07:54.803Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-3-4-11-sql-injection?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.