VYPR
Unrated severityNVD Advisory· Published Nov 16, 2014· Updated Jun 17, 2026

CVE-2014-8949

CVE-2014-8949

Description

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*+ 4 more
    • cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.8.013:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.8.014:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.9.000:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:imember360:imember360:3.9.001:*:*:*:*:wordpress:*:*
  • Range: >=3.8.012, <=3.9.001

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.