CVE-2023-52200

CRITICAL

Reputeinfosystems Armember < 4.0.22 - Insecure Deserialization

Title source: rule

Description

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.

References (1)

[Third Party Advisory] https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve

Scores

CVSS v3 9.6

EPSS 0.0019

EPSS Percentile 41.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502 CWE-352

Status published

Affected Products (1)

reputeinfosystems/armember < 4.0.22

Timeline

Published Jan 08, 2024

Tracked Since Feb 18, 2026