{"id":17189,"date":"2025-04-03T20:55:33","date_gmt":"2025-04-03T20:55:33","guid":{"rendered":""},"modified":"2025-05-22T17:28:16","modified_gmt":"2025-05-22T17:28:16","slug":"cve-2023-52200-cross-site-request-forgery-csrf-leading-to-php-object-injection-in-armember-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-52200-cross-site-request-forgery-csrf-leading-to-php-object-injection-in-armember-wordpress-plugin\/","title":{"rendered":"CVE-2023-52200: Cross-Site Request Forgery (CSRF) Leading to PHP Object Injection in ARMember WordPress Plugin"},"content":{"rendered":"\n<p><strong>Vulnerability Summary<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVE ID:<\/strong> CVE-2023-52200<\/li>\n\n\n\n<li><strong>Severity:<\/strong> Critical (CVSS 3.1 score 9.6, as rated by <a href=\"https:\/\/patchstack.com\/database\/vulnerability\/armember-membership\/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">Patchstack<\/a>)<\/li>\n\n\n\n<li><strong>Attack Vector:<\/strong> Network<\/li>\n\n\n\n<li><strong>Privileges Required:<\/strong> None (the attacker needs no account on the site; the forged request is sent by a logged-in administrator's browser)<\/li>\n\n\n\n<li><strong>User Interaction:<\/strong> Required (an administrator must visit an attacker-controlled page while logged in)<\/li>\n\n\n\n<li><strong>Impact:<\/strong> Remote Code Execution (RCE) via PHP Object Injection<\/li>\n<\/ul>\n\n\n\n<p><strong>Affected Products<\/strong><\/p>\n\n\n\n<p>The vulnerability affects the ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User Signup plugin for WordPress (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-52200\" target=\"_blank\" rel=\"noreferrer noopener\">NVD<\/a>, <a href=\"https:\/\/patchstack.com\/database\/vulnerability\/armember-membership\/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">Patchstack<\/a>):<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Product<\/th><th>Affected Versions<\/th><th>Fixed Version<\/th><\/tr><\/thead><tbody><tr><td>ARMember Plugin<\/td><td>Versions up to and including 4.0.22<\/td><td>4.0.23<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>How the Exploit Works<\/strong><\/p>\n\n\n\n<p>CVE-2023-52200 chains two weaknesses. The first is Cross-Site Request Forgery (CSRF): a state-changing request handled by ARMember lacked the protection that ties a request to the page WordPress rendered for the user (a nonce check), so an attacker can host a page that submits that request silently; if a logged-in administrator visits the page, the browser attaches the site's session cookies and the plugin accepts the request as the administrator's own. The second is PHP Object Injection: the handler passes request-supplied data to PHP's unserialize(). Deserializing attacker-controlled input instantiates whatever classes and property values the attacker names, and if any class loaded on the site has a magic method such as __destruct or __wakeup with a dangerous side effect, that gadget chain turns the injection into arbitrary file writes or arbitrary code execution on the server. Two caveats matter for triage: the attacker needs no account of their own, but an administrator must be lured to the attacker's page while logged in (the \"User Interaction: Required\" in the summary), and escalation from object injection to RCE depends on a usable gadget chain existing in ARMember, in another installed plugin or in the active theme. 
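<\/p>\n\n\n\n<p>The PHP script below is an added illustration, not code from ARMember or from this post's author, of the two halves of the flaw described above and of the developer-side checks listed under Mitigation Recommendations: an admin handler that accepts a request without a nonce or capability check and passes request data to unserialize(), a gadget class whose __destruct fires as soon as the deserialized object is dropped, and a hardened handler that rejects the forged request and never deserializes request data. The class name LogWriter, the function names, the nonce stand-ins (the real WordPress functions are wp_create_nonce(), wp_verify_nonce(), check_admin_referer() and current_user_can()) and the request payload are all hypothetical and constructed for the demo; nothing here is ARMember's actual endpoint or payload. It runs stand-alone with PHP 8.0 or later.<\/p>\n\n\n\n

```php
<?php
declare(strict_types=1);
// Added demonstration (not ARMember's code): how a CSRF'd admin request that reaches
// unserialize() becomes PHP Object Injection, and what a fixed handler must check.
// Every class, function, option name and payload below is hypothetical and constructed.

// A 'gadget': any class already loaded by WordPress, a plugin or a theme whose magic
// method has a dangerous side effect. This one performs an arbitrary file write when
// the object is destroyed, which happens as soon as unserialize()'s result is dropped.
final class LogWriter
{
    public string $path = '';
    public string $data = '';

    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->data);
        }
    }
}

// Stand-ins for wp_create_nonce()/wp_verify_nonce() so the script runs without WordPress.
// A real nonce is an HMAC over action, user and session, so a cross-site page cannot forge it.
const DEMO_NONCE_SECRET = 'constructed-demo-secret-not-for-production';

function demo_create_nonce(string $action, int $userId): string
{
    return substr(hash_hmac('sha256', $action . '|' . $userId, DEMO_NONCE_SECRET), 0, 10);
}

function demo_verify_nonce(string $nonce, string $action, int $userId): bool
{
    return hash_equals(demo_create_nonce($action, $userId), $nonce);
}

// VULNERABLE: no nonce check (so any site the admin visits can submit this request with
// the admin's cookies attached), no capability check, and request data goes straight into
// unserialize(), letting the attacker choose the class and property values that get created.
function vulnerable_save_settings(array $post): mixed
{
    $raw = base64_decode($post['settings'] ?? '', true);
    return unserialize($raw === false ? '' : $raw);
}

// HARDENED: reject requests without a valid nonce, require the capability, and never
// unserialize() request data: take JSON and whitelist the keys you expect.
function hardened_save_settings(array $post, int $userId, bool $canManage): array|false
{
    if (!demo_verify_nonce((string) ($post['_wpnonce'] ?? ''), 'save_settings', $userId)) {
        return false; // forged or stale request
    }
    if (!$canManage) {
        return false; // current_user_can('manage_options') in real WordPress
    }
    $settings = json_decode((string) ($post['settings'] ?? ''), true);
    if (!is_array($settings) || !isset($settings['items_per_page'])) {
        return false;
    }
    return ['items_per_page' => (int) $settings['items_per_page']];
}

// --- Demo run -------------------------------------------------------------------
// The forged request: an attacker page would auto-submit a hidden form with this body to
// the plugin's admin endpoint; the victim's browser supplies the authentication cookies.
$target = sys_get_temp_dir() . '/poi-demo-' . getmypid() . '.txt';
$gadget = new LogWriter();
$gadget->path = $target;
$gadget->data = 'written by a deserialized object' . PHP_EOL;
$payload = base64_encode(serialize($gadget));
unset($gadget);   // the attacker's local copy also fires __destruct; clean that up
@unlink($target);

vulnerable_save_settings(['settings' => $payload]);   // returned object is destroyed here
echo 'vulnerable handler wrote file: ', var_export(file_exists($target), true), PHP_EOL;
@unlink($target);

$rejected = hardened_save_settings(['settings' => $payload], 1, true);
echo 'hardened handler on forged request: ', var_export($rejected, true), PHP_EOL;

// If a serialized format really must be kept, allowed_classes => false turns any object
// into __PHP_Incomplete_Class, whose magic methods never run.
$inert = unserialize(base64_decode($payload, true), ['allowed_classes' => false]);
echo 'with allowed_classes=false the payload becomes ', get_class($inert), PHP_EOL;
echo 'file written: ', var_export(file_exists($target), true), PHP_EOL;

$legit = hardened_save_settings(
    ['_wpnonce' => demo_create_nonce('save_settings', 1),
     'settings' => json_encode(['items_per_page' => 25])],
    1,
    true
);
echo 'hardened handler on legitimate request: ', json_encode($legit), PHP_EOL;
```

\n\n\n\n<p>Run it with the php CLI. The vulnerable handler creates the temporary file even though the script never calls anything on the returned object, because __destruct runs when the object is freed; the hardened handler returns false for the same request before the payload is decoded at all, since the cross-site page cannot supply a nonce bound to the victim's identity; with allowed_classes set to false the same payload deserializes to a __PHP_Incomplete_Class and no file appears; and only the request carrying a valid nonce is processed. The order of checks is the point: nonce and capability first, then strict parsing of a format that cannot instantiate objects.<\/p>\n\n\n\n<p>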
Source: <a href=\"https:\/\/patchstack.com\/database\/vulnerability\/armember-membership\/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">Patchstack advisory<\/a>.<\/p>\n\n\n\n<p><strong>Potential Risks<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Execution of arbitrary PHP code on the server<\/li>\n\n\n\n<li>Unauthorized access to sensitive data stored in the WordPress database<\/li>\n\n\n\n<li>Complete compromise of the WordPress site<\/li>\n\n\n\n<li>Potential lateral movement within the hosting environment, for example to other sites on a shared server<\/li>\n<\/ul>\n\n\n\n<p><strong>Mitigation Recommendations<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Update the Plugin:<\/strong> Upgrade to ARMember version 4.0.23 or later, where this vulnerability has been addressed. 
<\/li>\n\n\n\n<li><strong>Implement CSRF Protections (plugin developers):<\/strong> Every state-changing handler, whether reached through admin-post.php, admin-ajax.php or the REST API, must verify a nonce with check_admin_referer() or wp_verify_nonce() and check authorization with current_user_can(); the nonce proves the request originated from a page WordPress rendered for that user rather than from a third-party site. Request data must also never reach unserialize(): accept JSON and validate its shape, or, where the serialized format cannot yet be dropped, call unserialize() with ['allowed_classes' => false] so that no attacker-chosen class is instantiated.<\/li>\n\n\n\n<li><strong>Restrict Administrator Actions:<\/strong> Limit the exposure of administrative functions, and have administrators avoid browsing untrusted sites or following unsolicited links while logged in to wp-admin; a separate browser profile for administration, and logging out when finished, removes the CSRF vector.<\/li>\n\n\n\n<li><strong>Regular Security Audits:<\/strong> Conduct periodic security assessments of your WordPress environment, including an inventory of installed plugin versions checked against published advisories, to detect and remediate vulnerabilities.<\/li>\n<\/ul>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>CVE-2023-52200 is a critical vulnerability in the ARMember WordPress plugin that combines CSRF with PHP Object Injection, potentially allowing an unauthenticated attacker who lures a logged-in administrator to a malicious page to execute arbitrary code on the server. Update the plugin to 4.0.23 or later immediately and apply the additional measures above to protect your WordPress site (<a href=\"https:\/\/patchstack.com\/database\/vulnerability\/armember-membership\/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">Patchstack<\/a>).<\/p>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-52200\">NVD \u2013 CVE-2023-52200<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/patchstack.com\/database\/vulnerability\/armember-membership\/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability\">Patchstack Advisory \u2013 ARMember &lt;= 4.0.22 Cross-Site Request Forgery (CSRF) to PHP Object Injection<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Summary Affected Products The vulnerability affects the ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile &amp; User Signup plugin for WordPress. Product Affected Versions ARMember Plugin Versions up to and including 4.0.22. How the Exploit Works CVE-2023-52200 is a combined Cross-Site Request Forgery (CSRF) and PHP Object Injection vulnerability. 
An attacker can [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[90,80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-17189","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-csrf","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/17189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=17189"}],"version-history":[{"count":15,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/17189\/revisions"}],"predecessor-version":[{"id":42695,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/17189\/revisions\/42695"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=17189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=17189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=17189"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=17189"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=17189"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=17189"},{"taxonomy":"ass
et_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=17189"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=17189"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=17189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}