ThreatPress

WordPress Vulnerabilities Database

Back

WordPress iMember360 Plugin <= 3.9.001 - Arbitrary user deletion

Product
iMember360
Description
Because of this vulnerability, the attackers can delete arbitrary users via a request containing a user name in the "Email" parameter and the API key in the "i4w_clearuser" parameter.
Solution
Update the plugin.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2014-3849
Versions
Affected In <= 3.9.001
Fixed In 3.9.002
Disclosure date
2014-05-23
Credits
Everett Griffiths