CVE-2014-8948

iMember360 3.8.012-3.9.001 - Cross-Site Request Forgery via i4w_trace Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8948. PoCs published by Everett Griffiths.

AI-analyzed exploit summary The writeup details multiple vulnerabilities in the iMember360 WordPress plugin, including database credential disclosure, XSS, arbitrary user deletion, and arbitrary code execution via unescaped shell commands. It provides proof-of-concept parameters for exploitation but lacks executable code.

Description

Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.

Exploits (1)

exploitdb WRITEUP
by Everett Griffiths · textwebappsphp
https://www.exploit-db.com/exploits/33076

The writeup details multiple vulnerabilities in the iMember360 WordPress plugin, including database credential disclosure, XSS, arbitrary user deletion, and arbitrary code execution via unescaped shell commands. It provides proof-of-concept parameters for exploitation but lacks executable code.

Classification
Writeup 90%
Attack Type
Info Leak | Xss | Auth Bypass | Rce
Complexity
Trivial
Reliability
Reliable
Target: iMember360 WordPress plugin v3.8.012 thru v3.9.001
Auth required
Prerequisites: Plugin installed · Admin access for RCE · No API key configured for user deletion
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58094
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33076
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/265
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/106301

Scores

EPSS 0.0372
EPSS Percentile 88.4%

Details

CWE
CWE-352
Status published
Products (5)
imember360/imember360 3.8.012
imember360/imember360 3.8.013
imember360/imember360 3.8.014
imember360/imember360 3.9.000
imember360/imember360 3.9.001
Published Nov 16, 2014
Tracked Since Feb 18, 2026