A vulnerability identified as critical has been detected in ARMember Premium Plugin up to 7.3.1 on WordPress. The affected element is the function get_private_content_data . Performing a manipulation of the argument sSortDir_0 results in sql injection. This vulnerability is known as CVE-2026-5074 . Remote exploitation of the attack is possible. No exploit is available.