CVE-2014-3849

iMember360 3.8.012-3.9.001 - Unauthenticated Arbitrary User Deletion via Email Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3849. PoCs published by Everett Griffiths.

AI-analyzed exploit summary The writeup details multiple vulnerabilities in the iMember360 WordPress plugin, including database credential disclosure, XSS, arbitrary user deletion, and arbitrary code execution via unescaped shell commands. It provides proof-of-concept parameters for exploitation but lacks executable code.

Description

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.

Exploits (1)

exploitdb WRITEUP
by Everett Griffiths · textwebappsphp
https://www.exploit-db.com/exploits/33076

The writeup details multiple vulnerabilities in the iMember360 WordPress plugin, including database credential disclosure, XSS, arbitrary user deletion, and arbitrary code execution via unescaped shell commands. It provides proof-of-concept parameters for exploitation but lacks executable code.

Classification
Writeup 90%
Attack Type
Info Leak | Xss | Auth Bypass | Rce
Complexity
Trivial
Reliability
Reliable
Target: iMember360 WordPress plugin v3.8.012 thru v3.9.001
Auth required
Prerequisites: Plugin installed · Admin access for RCE · No API key configured for user deletion
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33076
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/106300
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/265

Scores

EPSS 0.0597
EPSS Percentile 92.4%

Details

CWE
CWE-264
Status published
Products (5)
imember360/imember360 3.8.012
imember360/imember360 3.8.013
imember360/imember360 3.8.014
imember360/imember360 3.9.000
imember360/imember360 3.9.001
Published May 23, 2014
Tracked Since Feb 18, 2026