{"containers":{"cna":{"affected":[{"product":"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup","vendor":"Unknown","versions":[{"lessThan":"3.4.8","status":"affected","version":"3.4.8","versionType":"custom"}]}],"credits":[{"lang":"en","value":"cydave"}],"descriptions":[{"lang":"en","value":"The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (including of administrator accounts) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, which lets them change the password of any user whose username they know."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-06-27T08:58:19.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"}],"source":{"discovery":"EXTERNAL"},"title":"ARMember < 3.4.8 - Unauthenticated Admin Account Takeover","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2022-1903","STATE":"PUBLIC","TITLE":"ARMember < 3.4.8 - Unauthenticated Admin Account Takeover"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup","version":{"version_data":[{"version_affected":"<","version_name":"3.4.8","version_value":"3.4.8"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"cydave"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (including of administrator accounts) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, which lets them change the password of any user whose username they know."}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08","refsource":"MISC","url":"https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T00:17:00.971Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-1903","datePublished":"2022-06-27T08:58:19.000Z","dateReserved":"2022-05-27T00:00:00.000Z","dateUpdated":"2024-08-03T00:17:00.971Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}