What is CVE-2022-46808?

It's an SQL injection vuln in ARMember WordPress plugin, letting attackers run arbitrary database queries on unpatched sites up to v3.4.11.

How do I fix CVE-2022-46808 in ARMember?

Update to 3.4.12 or later via WordPress dashboard. If unavailable, deactivate and migrate to a secure alternative like MemberPress.

Which WordPress sites are affected by CVE-2022-46808?

Any running ARMember armember-membership from initial release through 3.4.11. Check your plugins list now.

🕳️ Vulnerabilities & CVEs

CVE-2022-46808: The SQL Injection Lurking in ARMember's Membership Plugin

A straightforward SQL injection in ARMember — a popular WordPress membership tool — could let attackers dump your user data. CVE-2022-46808 isn't new, but its persistence screams negligence.

theAIcatchup Apr 08, 2026 3 min read

SQL injection attack vector targeting ARMember WordPress plugin database

⚡ Key Takeaways

CVE-2022-46808 enables unauthenticated SQL injection in ARMember up to v3.4.11, risking full database exposure. 𝕏
Patch immediately or deactivate; market data shows competitors gaining from ARMember's slow response. 𝕏
Echoes past WP plugin vulns — expect user migration and potential exploit modules soon. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#ARMember #CVE-2022-46808 #SQL injection #WordPress Vulnerability

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by NVD Vulnerabilities

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Slimstat's SQL Injection Nightmare: CVE-2022-45373 Cracks Open Analytics Doors

Spiffy Calendar SQL Injection Lets Hackers Hijack WordPress Databases

CVE-2022-47428: The SQL Injection Lurking in Your WordPress Booking Calendar

CVE-2022-46818: SQL Injection Lets Attackers Raid WordPress Subscriber Lists

Stay in the loop