Cyber Resilience

CVE-2022-47425

Medium

Published: 09 December 2025

Modified: 30 January 2026
KEV Added
Patch
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0013 (32.6th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-47425 is a medium-severity Missing Authorization (CWE-862) vulnerability in Repute Infosystems ARMember. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks at the 32.6th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-47425 is a missing authorization vulnerability (CWE-862) in the ARMember WordPress plugin by Repute Infosystems. The flaw allows exploitation of incorrectly configured access control security levels and affects ARMember versions through 3.4.10. It has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), a Medium rating, with a network attack vector and low attack complexity.

A low-privileged authenticated user (PR:L) can exploit this vulnerability remotely without user interaction. Exploitation enables limited unauthorized access to confidential information (C:L), such as potentially sensitive data tied to access controls, with no impact on integrity or availability.

The Patchstack vulnerability disclosure program advisory details this broken access control issue in the ARMember plugin's content restriction, member levels, user profile, and user signup features through version 3.4.10.


Vulnerability details

Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember: from n/a through 3.4.10.

CWE(s)

CWE-862 (Missing Authorization)

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27583 · Shared CWE-862
CVE-2026-45209 · Shared CWE-862
CVE-2026-4100 · Shared CWE-862
CVE-2026-25026 · Shared CWE-862
CVE-2026-1280 · Shared CWE-862
CVE-2026-0509 · Shared CWE-862
CVE-2026-32501 · Shared CWE-862
CVE-2026-42083 · Shared CWE-862
CVE-2025-31194 · Shared CWE-862
CVE-2026-6963 · Shared CWE-862

Affected Assets

reputeinfosystems · armember · ≤ 3.4.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Enforces approved authorizations for access to information and resources, directly addressing the missing authorization vulnerability in ARMember's content restriction and user features.

Prevent: Identifies, reports, and corrects the specific flaw in ARMember plugin versions through 3.4.10, preventing exploitation of the broken access controls.

Prevent: Employs least privilege to limit low-privileged users' access to only necessary resources, reducing the impact of unauthorized data exposure in ARMember.

References