Unrated severityNVD Advisory· Published May 23, 2014· Updated Jun 17, 2026
CVE-2014-3849
CVE-2014-3849
Description
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*+ 4 more
- cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*
- cpe:2.3:a:imember360:imember360:3.8.013:*:*:*:*:wordpress:*:*
- cpe:2.3:a:imember360:imember360:3.8.014:*:*:*:*:wordpress:*:*
- cpe:2.3:a:imember360:imember360:3.9.000:*:*:*:*:wordpress:*:*
- cpe:2.3:a:imember360:imember360:3.9.001:*:*:*:*:wordpress:*:*
- Range: >=3.8.012, <=3.9.001
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.