MEDIUM
reputeinfosystems
CVE published 2026-07-10
CVE-2026-15302
The ARMember plugin for WordPress has a Directory Traversal vulnerability in all versions up to, and including, 4.0.27. The vulnerability is caused by the plugin's improper handling of the 'X-FILENAME' HTTP header, allowing unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory. This vulnerability has a CVSS score of 5 [truncated]