ByteOS Network

NVD Vulnerability Details :

CVE-2024-5596

Deferred

Source-security@wordfence.com

Published At-22 Jun, 2024 | 06:15

Updated At-15 Apr, 2026 | 00:35

The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta and plugin options which can lead to limited privilege escalation.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	security@wordfence.com

CWE ID: CWE-352

Type: Primary

Source: security@wordfence.com

References

Hyperlink	Source	Resource
https://codecanyon.net/item/armember-complete-wordpress-membership-system/17785056	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/3e55591e-c1e9-4667-b04f-4956d2f37d51?source=cve	security@wordfence.com	N/A
https://codecanyon.net/item/armember-complete-wordpress-membership-system/17785056	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/3e55591e-c1e9-4667-b04f-4956d2f37d51?source=cve	af854a3a-2127-422b-91ae-364da2661108	N/A