Lucene search
K

92 matches found

Patchstack
Patchstack
added 2024/07/10 12:0 a.m.13 views

WordPress Team Members Plugin <= 5.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Type Plugin Vulnerable versions = 5.3.3 Fixed in 5.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38670 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0e47f407025 Credits Jean Tirstan T Required privilege...

6.5CVSS6.6AI score0.0034EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-18363 · WordPress · Wp-Members Membership Plugin

Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions prior to 3.4.9.3 Description: The WP-Members Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header due to insufficient input sanitization and output...

7.2CVSS8.3AI score0.00675EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/04/01 5:32 p.m.8 views

WordPress WP-Members Membership plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin WP-Members versions = 3.4.9.2...

7.2CVSS5.8AI score0.00675EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/03/19 12:0 a.m.7 views

WordPress Team Members Plugin < 5.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Type Plugin Vulnerable versions 5.3.2 Fixed in 5.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1331 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fdcd0cb6fba4 Credits Dmitrii Ignatyev Required...

6.1CVSS6AI score0.00443EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2024/03/18 4:15 p.m.12 views

CVE-2024-1331

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.6AI score0.00443EPSS
Exploits2References1
OSV
OSV
added 2024/03/18 4:15 p.m.4 views

CVE-2024-1331

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.8AI score0.00443EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/03/18 3:15 p.m.14 views

CVE-2024-1331 Team Members < 5.3.2 - Author+ Stored XSS

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

6AI score0.00443EPSS
Exploits2References1
Prion
Prion
added 2024/03/08 6:15 a.m.13 views

Cross site scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.5CVSS5.9AI score0.00355EPSS
Exploits0References2
OSV
OSV
added 2024/01/04 4:15 a.m.2 views

CVE-2023-6733

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...

6.5CVSS7.3AI score0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/04 3:30 a.m.2 views

CVE-2023-6733 WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...

6.5CVSS6.8AI score0.0044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-21906 · WordPress · Wp-Members Membership

Name of the Vulnerable Software and Affected Versions: WP-Members Membership plugin for WordPress versions up to, and including, 3.4.7.3 Description: The issue arises from a missing capability check on the do field reorder function, allowing authenticated attackers with subscriber-level access to...

4.3CVSS9.6AI score0.00503EPSS
Exploits0References7
OSV
OSV
added 2023/01/02 10:15 p.m.4 views

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

4.8CVSS5.8AI score0.00532EPSS
Exploits2References1
Prion
Prion
added 2023/01/02 10:15 p.m.14 views

Cross site scripting

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

4.3CVSS4.8AI score0.00532EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/02 9:49 p.m.5 views

CVE-2022-3936 Team Members < 5.2.1 - Editor+ Stored XSS

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

5.9AI score0.00532EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.4 views

WordPress plugin Team Members 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

4.8CVSS4.9AI score0.00532EPSS
Exploits2References2
CNVD
CNVD
added 2022/06/01 12:0 a.m.25 views

WordPress Team Members plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Team Members plugin versions prior to 5.1.1 contain a cross-site scripting vulnerability that stems...

4.8CVSS2.2AI score0.00565EPSS
Exploits2References1
OSV
OSV
added 2022/05/30 9:15 a.m.1 views

CVE-2022-1568

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/30 9:15 a.m.6 views

CVE-2022-1568

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References2
Prion
Prion
added 2022/05/30 9:15 a.m.16 views

Cross site scripting

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

3.5CVSS4.8AI score0.00565EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/05/30 12:0 a.m.3 views

WordPress plugin Team Members 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Team Members plugin versions prior to 5.1.1 contain a cross-site scripting vulnerability that stems...

4.8CVSS5.7AI score0.00565EPSS
Exploits2References2
Rows per page
Query Builder