CVE-2022-0885
Member Hero <= 1.0.9 - Unauthenticated RCE
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 9.1%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
13 jun 2022Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
Productos afectados
Unknown · Member Hero¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →