CVE-2026-5076

ARMember · ARMember Premium Plugin

The ARMember Premium plugin for WordPress stores plaintext password reset keys, allowing unauthenticated attackers to reset user passwords and hijack accounts.

Executive summary

A critical vulnerability in the ARMember Premium WordPress plugin allows unauthenticated attackers to hijack any user account, including administrators, by exploiting insecure password reset key storage.

Vulnerability

The plugin insecurely stores plaintext password reset keys in the user meta table. Unauthenticated attackers can exploit this, potentially in conjunction with other flaws like SQL injection, to retrieve these keys and reset passwords for any account on the system.
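To illustrate the storage defect described above, the following added example (written for this page, not code from the ARMember plugin) contrasts storing a raw reset key in user meta with storing only a salted hash of it, using standard WordPress functions; the meta key name `_example_reset_key` and the helper names are assumptions.

```php
<?php
// Added example, not the plugin's code. Assumes the hypothetical meta key
// '_example_reset_key' and the standard WordPress functions called below.
define( 'EXAMPLE_RESET_META', '_example_reset_key' );
define( 'EXAMPLE_RESET_TTL', 15 * MINUTE_IN_SECONDS );

// Weak pattern the advisory describes: the raw key lands in wp_usermeta,
// so anyone able to read that table can complete a reset for the user.
function example_issue_reset_key_insecure( int $user_id ): string {
    $key = wp_generate_password( 20, false );
    update_user_meta( $user_id, EXAMPLE_RESET_META, $key );
    return $key;
}

// Hardened pattern: only an issue timestamp plus a salted hash is stored;
// the raw key exists solely in the e-mailed link and cannot be recovered
// from the database, so a read of wp_usermeta does not yield a usable key.
function example_issue_reset_key( int $user_id ): string {
    $key    = wp_generate_password( 20, false );
    $record = time() . ':' . wp_hash_password( $key );
    update_user_meta( $user_id, EXAMPLE_RESET_META, $record );
    return $key; // deliver to the user's e-mail address, never persist it
}

// Verify a presented key: hash comparison, expiry check, and single use.
function example_check_reset_key( int $user_id, string $key ): bool {
    $stored = get_user_meta( $user_id, EXAMPLE_RESET_META, true );
    if ( ! is_string( $stored ) || false === strpos( $stored, ':' ) ) {
        return false;
    }
    list( $issued, $hash ) = explode( ':', $stored, 2 );
    if ( time() - (int) $issued > EXAMPLE_RESET_TTL ) {
        delete_user_meta( $user_id, EXAMPLE_RESET_META ); // expired, discard
        return false;
    }
    if ( ! wp_check_password( $key, $hash ) ) {
        return false;
    }
    delete_user_meta( $user_id, EXAMPLE_RESET_META ); // one-time use
    return true;
}
```

The same hashed-at-rest principle is what WordPress core applies to its own `user_activation_key`, so a plugin that stores its own reset keys should match that bar rather than lower it.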

Business impact

With a CVSS score of 9.8, this vulnerability allows for full account takeover of any user on the WordPress site. An attacker gaining administrator access can perform any action, including data exfiltration, malware injection, or site defacement, leading to significant reputational and financial damage.

Remediation

Immediate Action: Update the ARMember Premium plugin to the latest available version that addresses this insecure storage issue.

Proactive Monitoring: Monitor user meta tables for suspicious modifications and review WordPress authentication logs for unexpected password reset activity.

Compensating Controls: Utilize a Web Application Firewall (WAF) with rules configured to block common SQL injection patterns, which may be used as a vector to extract the plaintext keys.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This is a critical vulnerability that requires urgent patching. Site administrators should prioritize updating the ARMember plugin and audit user accounts for any signs of suspicious activity or unauthorized password changes that may have occurred recently.