CVE-2022-0885
N/A
N/A
Summary
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Member Hero | 0 <= 1.0.9 | affected |
Weaknesses
- CWE-862 Missing Authorization
- CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.