Revan A
CVE-2023-51356: ARMember <= 4.0.10 — Authenticated Privilege Escalation
The backend code of the edit profile feature is vulnerable to a privilege escalation attack. An attacker can manipulate the request to get a higher role.
Dec 28, 2023

Revan A
CVE-2023-47837: ARMember <= 4.0.10 — Bypass Membership Plan
The profile feature is vulnerable to a membership plan bypass. An attacker can manipulate the request to get a “Membership Plan” without paying.
Nov 21, 2023

In InfoSec Write-ups by Revan A
CVE-2023-41954: ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
Privilege escalation vulnerability in the ProfilePress plugin. A malicious actor could register an account as Editor, Author, or other existing…
Sep 14, 2023

In InfoSec Write-ups by Revan A
CVE-2023-39308: User Feedback <= 1.0.7 — Unauthenticated Stored XSS
The Submit Feedback feature doesn’t filter submitted text, so an attacker can submit a malicious script.
Sep 6, 2023