Medium severity6.5NVD Advisory· Published Jun 2, 2026· Updated Jun 2, 2026
CVE-2026-5074
CVE-2026-5074
Description
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the get_private_content_data AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into the ORDER BY clause of an SQL query without a whitelist check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note: The vulnerability can only be exploited if the "User Private Content" addon is enabled, which is disabled by default..
Affected products
1- Range: <=7.3.1
Patches
Vulnerability mechanics
References
2News mentions
2- Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)Wordfence Blog · Jun 11, 2026
- WordPress: 25 Plugin and Theme Vulnerabilities Disclosed in Single BatchVypr Intelligence · Jun 3, 2026