PatchSiren

reputeinfosystems CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM reputeinfosystems CVE published 2026-07-10

CVE-2026-15302

The ARMember plugin for WordPress has a Directory Traversal vulnerability in all versions up to, and including, 4.0.27. The vulnerability is caused by the plugin's improper handling of the 'X-FILENAME' HTTP header, allowing unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory. This vulnerability has a CVSS score of 5 [truncated]