92 matches found
WordPress Team Members Plugin <= 5.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Team Members Type Plugin Vulnerable versions = 5.3.3 Fixed in 5.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38670 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0e47f407025 Credits Jean Tirstan T Required privilege...
PT-2024-18363 · WordPress · Wp-Members Membership Plugin
Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions prior to 3.4.9.3 Description: The WP-Members Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header due to insufficient input sanitization and output...
WordPress WP-Members Membership plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin WP-Members versions = 3.4.9.2...
WordPress Team Members Plugin < 5.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Team Members Type Plugin Vulnerable versions 5.3.2 Fixed in 5.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1331 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fdcd0cb6fba4 Credits Dmitrii Ignatyev Required...
CVE-2024-1331
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1331
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1331 Team Members < 5.3.2 - Author+ Stored XSS
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6733
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...
CVE-2023-6733 WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...
PT-2023-21906 · WordPress · Wp-Members Membership
Name of the Vulnerable Software and Affected Versions: WP-Members Membership plugin for WordPress versions up to, and including, 3.4.7.3 Description: The issue arises from a missing capability check on the do field reorder function, allowing authenticated attackers with subscriber-level access to...
CVE-2022-3936
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...
Cross site scripting
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...
CVE-2022-3936 Team Members < 5.2.1 - Editor+ Stored XSS
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...
WordPress plugin Team Members 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress Team Members plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Team Members plugin versions prior to 5.1.1 contain a cross-site scripting vulnerability that stems...
CVE-2022-1568
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1568
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
Cross site scripting
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress plugin Team Members 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Team Members plugin versions prior to 5.1.1 contain a cross-site scripting vulnerability that stems...