The WP-Members Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header due to insufficient input sanitization and output escaping.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
WPVulnDB | WP-Members Membership Plugin < 3.4.9.3 - Unauthenticated Stored Cross-Site Scripting | 1 Apr 2024 00:00 | – | wpvulndb |
NVD | CVE-2024-1852 | 9 Apr 2024 19:15 | – | nvd |
Vulnrichment | CVE-2024-1852 | 9 Apr 2024 18:58 | – | vulnrichment |
Wordfence Blog | Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded | 1 Apr 2024 15:03 | – | wordfence |
Wordfence Blog | How To Find XSS (Cross-Site Scripting) Vulnerabilities in WordPress Plugins and Themes | 5 Sep 2024 21:18 | – | wordfence |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024) | 11 Apr 2024 17:23 | – | wordfence |
Patchstack | WordPress WP-Members Plugin <= 3.4.9.2 is vulnerable to Cross Site Scripting (XSS) | 1 Apr 2024 00:00 | – | patchstack |
CVE | CVE-2024-1852 | 9 Apr 2024 19:15 | – | cve |
The Hacker News | Critical Security Flaw Found in Popular LayerSlider WordPress Plugin | 3 Apr 2024 05:11 | – | thn |
[
  {
    "vendor": "cbutlerjr",
    "product": "WP-Members Membership Plugin",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.4.9.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]