CVE-2022-47425
Published: 09 December 2025
Description
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember: from n/a through 3.4.10.
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for access to information and resources, directly addressing the missing authorization vulnerability in ARMember's content restriction and user features.
Identifies, reports, and corrects the specific flaw in ARMember plugin versions through 3.4.10, preventing exploitation of the broken access controls.
Employs least privilege to limit low-privileged users' access to only necessary resources, reducing the impact of unauthorized data exposure in ARMember.
Security Summary
CVE-2022-47425 is a missing authorization vulnerability (CWE-862) in the ARMember WordPress plugin by Repute Infosystems. The flaw allows exploitation of incorrectly configured access control security levels and affects ARMember versions through 3.4.10. It has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), indicating low severity with network accessibility and low complexity.
A low-privileged authenticated user (PR:L) can exploit this vulnerability remotely without user interaction. Exploitation enables limited unauthorized access to confidential information (C:L), such as potentially sensitive data tied to access controls, with no impact on integrity or availability.
The Patchstack vulnerability disclosure program advisory details this broken access control issue in the ARMember plugin's content restriction, member levels, user profile, and user signup features through version 3.4.10.
Details
- CWE(s)