VYPR
Unrated severityNVD Advisory· Published May 23, 2014· Updated Jun 17, 2026

CVE-2014-3849

CVE-2014-3849

Description

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*+ 4 more
    • cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.8.013:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.8.014:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.9.000:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.9.001:*:*:*:*:wordpress:*:*
  • Range: >=3.8.012, <=3.9.001

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.