CVE-2022-0885 Scanner
Detects the 'Improper Access Control' vulnerability in the Member Hero plugin for WordPress, which affects versions through 1.0.9.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 816 sec
Scan only one: URL
Toolbox: -
The Member Hero plugin for WordPress is a tool used to help websites manage their memberships. With this plugin, users can create and sell different membership levels to access exclusive content or services on their website. Member Hero also allows website administrators to manage user accounts, track payments, and automate various membership-related tasks.
However, the Member Hero WordPress plugin through version 1.0.9 has a serious security vulnerability, CVE-2022-0885. It stems from missing authorization checks and input validation in the code: attackers can call arbitrary PHP functions with no arguments, even when they are not authenticated, which opens the door to potential attacks.
Exploiting this vulnerability can result in several types of malicious activity, including account takeovers, data breaches, and denial-of-service attacks. Attackers can use it to gain unauthorized access to user accounts, steal sensitive data, deploy malware, and cause substantial financial damage.
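An asset owner with file access can confirm exposure offline by reading the plugin headers on disk and comparing the installed version with the affected range given above (through 1.0.9). The script below is an added example, not part of the scanner or the plugin. It assumes the plugin's "Plugin Name:" header reads "Member Hero" and that plugins live under the default wp-content/plugins directory.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (1, 0, 9)    # from the text above: "through version 1.0.9"
PLUGIN_NAME = "member hero"  # assumption: value of the "Plugin Name:" header

# Matches header lines such as " * Version: 1.0.9" inside a PHP comment block.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t*/]*$", re.I | re.M)

def parse_version(text):
    """Turn '1.0.9' or '1.0.10-beta' into a comparable tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while parts and parts[-1] == 0:  # so that 1.0.9.0 compares equal to 1.0.9
        parts.pop()
    return tuple(parts)

def read_headers(php_file):
    """Read plugin headers from the first 8 KiB only, as WordPress does."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(head)}

def find_affected(plugins_dir):
    """Return [(path, version)] for Member Hero installs at or below 1.0.9."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php_file)
        if headers.get("plugin name", "").lower() != PLUGIN_NAME:
            continue
        raw = headers.get("version", "")
        version = parse_version(raw)
        # An unreadable version is reported too: fail closed, do not assume patched.
        if not version or version <= LAST_AFFECTED:
            hits.append((str(php_file), raw or "unknown"))
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version in find_affected(root):
        print(f"AFFECTED  {version:<10} {path}")
```

A hit means the installed copy falls in the affected range; an install with no parseable version header is listed as "unknown" so it gets a manual look.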
At s4e.io, we offer pro features that help website owners detect vulnerabilities in their digital assets quickly and easily. Our platform conducts vulnerability assessments, identifies security issues, and provides detailed reports for remediation. Protect your website from potential attacks by using our platform to enhance your security posture and safeguard your digital assets.