CVE-2026-5073

HIGH 7.5

ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of sufficient preparation on the existing SQL query in the `arm_get_directory_members()` function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CWE	CWE-89
Vendor	armember
Product	armember premium – membership plugin, content restriction, member levels, user profile & user signup
Published	Jun 2, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for armember armember premium – membership plugin, content restriction, member levels, user profile & user signup

Be the first to know when new high vulnerabilities affecting armember armember premium – membership plugin, content restriction, member levels, user profile & user signup are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

armember / ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

0 ≤ 7.3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/b5f6d2a2-ad3e-4afc-b6fd-745881d85b6b?source=cve codecanyon.net: https://codecanyon.net/item/armember-complete-wordpress-membership-system/17785056

Credits

Phú