S4E

CVE-2022-0885 Scanner

Detects the 'Improper Access Control' vulnerability in the Member Hero plugin for WordPress, which affects versions through 1.0.9.

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 816 sec
Scan only one: Url
Toolbox: -

The Member Hero plugin for WordPress is a tool used to help websites manage their memberships. With this plugin, users can create and sell different membership levels to access exclusive content or services on their website. Member Hero also allows website administrators to manage user accounts, track payments, and automate various membership-related tasks.

However, the Member Hero WordPress plugin through version 1.0.9 has a serious security vulnerability, CVE-2022-0885. The vulnerability is caused by a lack of authorization checks and input validation in the code. Attackers can call arbitrary PHP functions with no arguments, even if they are not authenticated, which opens the door to further attacks.

Exploiting this vulnerability can result in several types of malicious activity, including account takeovers, data breaches, and denial-of-service attacks. Attackers can use it to gain unauthorized access to user accounts, steal sensitive data, deploy malware, and cause substantial financial damage.

At s4e.io, we offer pro features that help website owners detect vulnerabilities in their digital assets quickly and easily. Our platform conducts vulnerability assessments, identifies security issues, and provides detailed reports for remediation. Protect your website from potential attacks by using our platform to enhance your security posture and safeguard your digital assets.
