Lucene search
+L

280 matches found

Patchstack
Patchstack
added 2024/12/06 9:58 p.m.7 views

WordPress ARMember plugin <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin ARMember versions = 4.0.51...

6.3CVSS7.1AI score0.00358EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/06 10:15 a.m.13 views

CVE-2024-10681

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

6.3CVSS0.00358EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 9:23 a.m.57 views

CVE-2024-10681

CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...

6.3CVSS6.5AI score0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/06 9:23 a.m.18 views

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

6.3CVSS0.00358EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/06 9:23 a.m.9 views

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

6.3CVSS7.3AI score0.00358EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.3 views

WordPress plugin The ARMember 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

6.3CVSS8.8AI score0.00358EPSS
Exploits0References2
NVD
NVD
added 2024/11/19 6:15 p.m.12 views

CVE-2022-47424

Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...

8.8CVSS0.00219EPSS
Exploits0References1
OSV
OSV
added 2024/11/19 6:15 p.m.4 views

CVE-2022-47424

Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/19 5:21 p.m.12 views

CVE-2022-47424 WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...

5.4CVSS7.2AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2024/11/19 5:21 p.m.49 views

CVE-2022-47424

CVE-2022-47424 is a CSRF vulnerability in Repute InfoSystems ARMember (and ARMember Premium). Affected: ARMember up to version 4.0.5; ARMember Premium up to 6.7.0.x (before 6.7.1). Root cause is Cross-Site Request Forgery enabling unauthorized actions. Remediation: update ARMember to 4.0.6 or lat...

8.8CVSS5.5AI score0.00219EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/19 5:21 p.m.26 views

CVE-2022-47424 WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...

5.4CVSS0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.6 views

PT-2024-11755 · Repute Infosystems · Armember +1

Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARMember versions 4.0.5 and earlier Repute InfoSystems ARMember Premium versions prior to 6.7.1 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions. This is a type of...

5.4CVSS8.7AI score0.00219EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/08/19 1:55 a.m.7 views

WordPress ARMember plugin <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin ARMember versions = 4.0.37...

6.4CVSS5.8AI score0.01142EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/19 12:0 a.m.11 views

WordPress ARMember Plugin <= 4.0.37 is vulnerable to Cross Site Scripting (XSS)

Software ARMember Type Plugin Vulnerable versions = 4.0.37 Fixed in 4.0.38 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7703 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ae57ddd8d872 Credits wesley wcraft Required...

6.4CVSS5.7AI score0.01142EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2024/08/17 2:44 p.m.101 views

Exploit for CVE-2024-7703

CVE-2024-7703 markdown CVE-2024-7703 Exploit: Stored Cros...

6.4CVSS8AI score0.01142EPSS
Exploits1
NVD
NVD
added 2024/08/17 12:15 p.m.19 views

CVE-2024-7703

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.01142EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/08/17 11:15 a.m.16 views

CVE-2024-7703 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS5.8AI score0.01142EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/08/17 11:15 a.m.26 views

CVE-2024-7703 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.01142EPSS
Exploits1References4
CVE
CVE
added 2024/08/17 11:15 a.m.56 views

CVE-2024-7703

ARMember – Membership Plugin for WordPress contains a Stored XSS via SVG uploads in all versions up to 4.0.37, exploitable by authenticated users with Subscriber+ privileges; pages loaded from the SVG can execute scripts on access. Red Hat and Wordfence references confirm the issue and note patch...

6.4CVSS5.8AI score0.01142EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/17 12:0 a.m.4 views

WordPress plugin ARMember 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS5.8AI score0.01142EPSS
Exploits1References5
Rows per page
Query Builder