GHSA-7hhj-47v7-pg7cMediumCVSS 5.3

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and...

Published
July 10, 2026
Last Modified
July 10, 2026

🔗 CVE IDs covered (1)

📋 Description

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory.

🔗 References (4)