Skip to main content

Imember360

5 CVEs product

Monthly

CVE-2014-8949 MEDIUM POC THREAT This Month

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.4%.

RCE WordPress Code Injection Imember360
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
10.4%
CVE-2014-8948 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress Imember360
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-3849 MEDIUM POC THREAT This Month

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.3%.

WordPress Privilege Escalation Imember360
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
10.3%
CVE-2014-3848 MEDIUM POC THREAT This Month

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

WordPress Privilege Escalation Imember360
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-3842 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Imember360
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.1%
EPSS 10% CVSS 6.0
MEDIUM POC THREAT This Month

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.4%.

RCE WordPress Code Injection +1
NVD Exploit-DB
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress Imember360
NVD Exploit-DB
EPSS 10% CVSS 4.3
MEDIUM POC THREAT This Month

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.3%.

WordPress Privilege Escalation Imember360
NVD Exploit-DB
EPSS 15% CVSS 5.0
MEDIUM POC THREAT This Month

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

WordPress Privilege Escalation Imember360
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Imember360
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy