CVE-2022-47425
Published: 09 December 2025
Summary
CVE-2022-47425 is a medium-severity Missing Authorization (CWE-862) vulnerability in the ARMember WordPress plugin by Repute Infosystems. Its CVSS v3.1 base score is 4.3 (Medium).
Operationally, it ranks at the 32.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-47425 is a missing authorization vulnerability (CWE-862) in the ARMember WordPress plugin by Repute Infosystems. The flaw allows exploitation of incorrectly configured access control security levels and affects all versions of ARMember from n/a through 3.4.10. It has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N): medium severity, reachable over the network with low attack complexity.
A low-privileged authenticated user (PR:L), for example an ordinary registered member, can exploit this vulnerability remotely without user interaction. Exploitation yields limited unauthorized read access to confidential information (C:L), such as data that the plugin's access controls were meant to restrict, with no impact on integrity or availability.
The Patchstack vulnerability disclosure program advisory details this broken access control issue in the ARMember plugin's content restriction, member levels, user profile, and user signup features through version 3.4.10.
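The advisory does not publish the affected code path, so the following is an added, illustrative example of the CWE-862 pattern in a WordPress membership plugin, not ARMember's code and not a reproduction of this CVE. The plugin name, hook names, function names and user-meta keys (`exm_*`) are hypothetical. The first handler trusts that `wp_ajax_` hooks only fire for logged-in sessions and never checks who is asking, so any subscriber can read any member's profile and membership level (the PR:L / C:L profile described above). The second handler adds the two checks a practitioner would expect: a per-action nonce and an ownership-or-capability test before any other user's data is touched.

```php
<?php
// Added example (not ARMember's code). Hypothetical plugin "example-members".

// --- Vulnerable pattern (CWE-862, missing authorization).
// wp_ajax_* hooks only guarantee a logged-in user; nothing here checks that the
// requester may read the requested user_id, so any member can read any member.
add_action( 'wp_ajax_exm_get_member_profile', 'exm_get_member_profile_vulnerable' );
function exm_get_member_profile_vulnerable() {
    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $user    = get_userdata( $user_id );

    wp_send_json_success( array(
        'email'        => $user ? $user->user_email : '',
        'member_level' => get_user_meta( $user_id, 'exm_member_level', true ),    // hypothetical meta key
        'billing'      => get_user_meta( $user_id, 'exm_billing_address', true ), // hypothetical meta key
    ) );
}

// --- Hardened pattern: verify intent (nonce) and authorization (ownership or
// capability) before returning anything about another account.
add_action( 'wp_ajax_exm_get_member_profile_secure', 'exm_get_member_profile_secure' );
function exm_get_member_profile_secure() {
    // CSRF: the nonce must have been issued for this specific action
    // (created with wp_create_nonce( 'exm_get_member_profile' ) on the page).
    check_ajax_referer( 'exm_get_member_profile', 'nonce' );

    $user_id   = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $requester = get_current_user_id();

    // Authorization: only the account owner, or a user who may edit that
    // specific account, may read it. 'edit_user' is a core meta capability
    // that WordPress resolves per target user, not a blanket role check.
    if ( $user_id !== $requester && ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        wp_send_json_error( array( 'message' => 'not found' ), 404 );
    }

    wp_send_json_success( array(
        'email'        => $user->user_email,
        'member_level' => get_user_meta( $user_id, 'exm_member_level', true ),
        'billing'      => get_user_meta( $user_id, 'exm_billing_address', true ),
    ) );
}
```

The same shape applies to the other features the advisory names (content restriction, member levels, signup): every server-side entry point that reads or changes data scoped to a member must decide, on the server, whether this requester is allowed to act on that member, rather than relying on the login requirement or on the client only exposing the "right" user_id. When reviewing a plugin for this class of bug, grep for `wp_ajax_`, `register_rest_route` and `admin_post_` handlers and confirm each one performs a `current_user_can()` (or equivalent ownership) check in addition to any nonce check; a nonce alone proves intent, not authorization.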
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-50187
Vulnerability details
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember: from n/a through 3.4.10.
- CWE: CWE-862 (Missing Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
Affected Assets
- ARMember WordPress plugin (Repute Infosystems), all versions through 3.4.10
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to information and resources, directly addressing the missing authorization check in ARMember's content restriction, member level, user profile and signup features.
- SI-2 (Flaw Remediation): Identifies, reports and corrects the flaw in ARMember plugin versions through 3.4.10 by updating to a fixed release, removing the broken access control from the deployed site.
- AC-6 (Least Privilege): Limits low-privileged users to only the resources they need, reducing what an authenticated attacker can reach through the unauthorized data exposure in ARMember.