Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 03 Jun 2026 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Armember
Armember armember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup Wordpress Wordpress wordpress |
|
| Vendors & Products |
Armember
Armember armember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup Wordpress Wordpress wordpress |
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a password reset. This is in addition to the hashed key that WordPress core stores securely in `wp_users.user_activation_key`. The plaintext key stored in `wp_usermeta` can be used with the plugin's custom `armrp` reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-5073, CVE-2026-5074), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators. | |
| Title | ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation | |
| Weaknesses | CWE-287 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-06-02T20:56:08.662Z
Reserved: 2026-03-28T13:25:02.784Z
Link: CVE-2026-5076
Updated: 2026-06-02T20:56:03.448Z
Status : Deferred
Published: 2026-06-02T20:16:40.720
Modified: 2026-06-02T20:56:20.057
Link: CVE-2026-5076
No data.
OpenCVE Enrichment
Updated: 2026-06-03T10:55:14Z