CVE-2023-52200

CRITICAL

ARMember < 4.0.22 - Cross-Site Request Forgery to PHP Object Injection

Title source: llm

Description

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve

Scores

CVSS v3 9.6

EPSS 0.0027

EPSS Percentile 18.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352 CWE-502

Status published

Products (2)

Repute Infosystems/ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.22

reputeinfosystems/armember < 4.0.22

Published Jan 08, 2024

Tracked Since Feb 18, 2026