Lucene search
K

92 matches found

Prion
Prion
added 2021/03/18 3:15 p.m.12 views

Cross site scripting

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker contributor+ to inject arbitrary web script or HTML via the 'Description/biography' of a member...

3.5CVSS5.4AI score0.00656EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2019/08/29 12:0 a.m.4 views

WordPress wp-members plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-members is a website membership plugin used in it. Cross-site request forgery vulnerability exists in WordPress wp-member plugin...

8.8CVSS6.7AI score0.0068EPSS
Exploits1References1
Prion
Prion
added 2019/08/27 1:15 p.m.19 views

Cross site request forgery (csrf)

The wp-members plugin before 3.2.8 for WordPress has CSRF...

6.8CVSS8.7AI score0.0068EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/27 12:0 a.m.6 views

PT-2019-14328 · WordPress · Wp-Members Plugin

Name of the Vulnerable Software and Affected Versions: wp-members plugin versions prior to 3.2.8 Description: The issue concerns a CSRF problem. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited...

8.8CVSS7AI score0.0068EPSS
Exploits1References4
wpexploit
wpexploit
added 2019/06/13 12:0 a.m.30 views

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...

6.8CVSS0.8AI score0.0068EPSS
Exploits1References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.3 views

WordPress WP-Members Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP-Members plugin version 3.1.8. A remote attacker c...

6.1CVSS6.1AI score0.01766EPSS
Exploits0References1
Patchstack
Patchstack
added 2014/08/01 12:0 a.m.15 views

WordPress Members Plugin <= 2.8.9 - Reflected XSS

This plugin is prone to a cross site scripting vulnerability in wp-login.php. Solution Update the plugin...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2014/08/01 12:0 a.m.11 views

WordPress Members Plugin <= 2.8.9 - Stored XSS

This plugin is prone to a cross site scripting vulnerability in profile.php. Solution Update the plugin...

2.6AI score
Exploits0References2Affected Software1
NVD
NVD
added 2013/05/05 11:7 a.m.14 views

CVE-2013-2703

Cross-site request forgery CSRF vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings...

6.8CVSS7.1AI score0.0097EPSS
Exploits0References2
Prion
Prion
added 2013/05/05 11:7 a.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings...

6.8CVSS7.6AI score0.0097EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/05/05 10:0 a.m.38 views

CVE-2013-2703

The CVE-2013-2703 entry affects the Facebook Members WordPress plugin prior to version 5.0.5. It is a CSRF flaw that allows remote attackers to hijack the administrator’s authenticated session and perform requests that modify the plugin’s settings. The issue originates from requests that can alte...

6.8CVSS7.4AI score0.0097EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2013/03/26 12:0 a.m.20 views

WordPress Facebook Members Plugin <= 5.0.4 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that modify this plugin's settings. Solution Update the plugin...

6.8CVSS5.3AI score0.0097EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder