CVE-2022-0885

Name of the Vulnerable Software and Affected Versions Member Hero WordPress plugin versions 1.0.0 through 1.0.9

Description The issue lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

Recommendations For Member Hero WordPress plugin versions 1.0.0 through 1.0.9, update to a version that includes the necessary authorization checks and input validation to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.