280 matches found
WordPress ARMember plugin <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin ARMember versions = 4.0.51...
CVE-2024-10681
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...
CVE-2024-10681
CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...
CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...
CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...
WordPress plugin The ARMember 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
CVE-2022-47424
Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...
CVE-2022-47424
Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...
CVE-2022-47424 WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...
CVE-2022-47424
CVE-2022-47424 is a CSRF vulnerability in Repute InfoSystems ARMember (and ARMember Premium). Affected: ARMember up to version 4.0.5; ARMember Premium up to 6.7.0.x (before 6.7.1). Root cause is Cross-Site Request Forgery enabling unauthorized actions. Remediation: update ARMember to 4.0.6 or lat...
CVE-2022-47424 WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...
PT-2024-11755 · Repute Infosystems · Armember +1
Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARMember versions 4.0.5 and earlier Repute InfoSystems ARMember Premium versions prior to 6.7.1 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions. This is a type of...
WordPress ARMember plugin <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin ARMember versions = 4.0.37...
WordPress ARMember Plugin <= 4.0.37 is vulnerable to Cross Site Scripting (XSS)
Software ARMember Type Plugin Vulnerable versions = 4.0.37 Fixed in 4.0.38 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7703 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ae57ddd8d872 Credits wesley wcraft Required...
Exploit for CVE-2024-7703
CVE-2024-7703 markdown CVE-2024-7703 Exploit: Stored Cros...
CVE-2024-7703
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-7703 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-7703 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-7703
ARMember – Membership Plugin for WordPress contains a Stored XSS via SVG uploads in all versions up to 4.0.37, exploitable by authenticated users with Subscriber+ privileges; pages loaded from the SVG can execute scripts on access. Red Hat and Wordfence references confirm the issue and note patch...
WordPress plugin ARMember 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...