VYPR

Member Hero

by WordPress

CVEs (1)

  • CVE-2022-0885CriJun 13, 2022
    risk 0.64cvss 9.8epss 0.09

    The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.