CVE-2026-27060
HighCVSS 8.8Summary
The ARMember Premium plugin version 7.0 and earlier contains a PHP Object Injection vulnerability exploitable by contributors. An attacker with contributor privileges can inject a malicious PHP object, potentially leading to remote code execution.
Risk Assessment
The risk involves a contributor-level user gaining control over the WordPress site, which could lead to data theft, content modification, or further propagation of the attack.
Recommendation
Immediately update the ARMember Premium plugin to the latest available version that addresses this vulnerability. If an update is not possible, consider restricting contributor privileges or temporarily disabling the plugin.
Original NVD description (English source)
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.

