CVE-2014-8948

Name of the Vulnerable Software and Affected Versions iMember360 plugin versions 3.8.012 through 3.9.001 for WordPress

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests with an unspecified impact via the i4w trace parameter.

Recommendations For iMember360 plugin versions 3.8.012 through 3.9.001, avoid using the i4w trace parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the iMember360 plugin to minimize the risk of exploitation.