6 matches found
CVE-2024-5744
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744
CVE-2024-5744 affects the WordPress plugin WP eMember prior to version 10.6.7, where $_SERVER['REQUEST_URI'] is not escaped before echoing into an attribute, enabling Reflected XSS in older browsers. Public data from NVD/Red Hat Patch notes confirms the issue and indicates a fix in version 10.6.7...