CVE-2024-10681
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published Dec 6, 2024
CWE ID 94
Summary
CVE-2024-10681: The ARMember plugin for WordPress, versions up to 4.0.51, has a vulnerability that enables authenticated attackers with subscriber-level access or higher to execute arbitrary shortcodes. This occurs due to the plugin's failure to validate user input before running do_shortcode, allowing attackers to inject malicious code and potentially gain unintended access or perform unauthorized actions on the affected site.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- ARMember Plugin
Affected Vendors
- WordPress