ThreatPress

WordPress Vulnerabilities Database

Back

WordPress iMember360 Plugin <= 3.9.001 - Disclosure of Database Credentials

Product
iMember360
Description
Because of this vulnerability, the attackers can obtain database credentials via the "i4w_dbinfo" parameter.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2014-3848
Versions
Affected In <= 3.9.001
Fixed In 3.9.002
Disclosure date
2014-05-23
Credits
Everett Griffiths