top of page
perceptive_background_267k.jpg

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a…

Published:

1 June 2026 at 22:00:00

Alert date:

2 June 2026 at 21:03:34

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

The ARMember Premium plugin for WordPress versions up to 7.3.1 contains an insecure password reset mechanism that stores plaintext password reset keys in user metadata. This vulnerability allows attackers to potentially take over any user account, including administrators, when combined with SQL injection vulnerabilities (CVE-2026-5073, CVE-2026-5074). The plugin stores reset keys in both plaintext and hashed formats, creating a security weakness that can be exploited through the custom armrp reset action.

Technical details

Mitigation steps:

Affected products:

ARMember Premium WordPress Plugin

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-5076
https://codecanyon.net/item/armember-complete-wordpress-membership-system/17785056
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b15eca5-fd47-4f8f-8ade-3a90e0bfc110?source=cve

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page