WordPress ARMember Plugin <= 4.0.30 is vulnerable to Open Redirection

Software ARMember Type Plugin Vulnerable versions = 4.0.30 Fixed in 4.0.31 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-4133 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 1161444e8597 Credits Krzysztof Zając Required privilege Unauthenticated...

BIT-WORDPRESS-MULTISITE-2020-11030 Cross-site scripting (XSS) in Search block in WordPress

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...