CVE Vulnerabilities

CVE-2014-3849

Published: May 23, 2014 | Modified: May 27, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.

Affected Software

Name Vendor Start Version End Version
Imember360 Imember360 3.9.000 3.9.000
Imember360 Imember360 3.9.001 3.9.001
Imember360 Imember360 3.8.014 3.8.014
Imember360 Imember360 3.8.012 3.8.012
Imember360 Imember360 3.8.013 3.8.013

References