92 matches found
Cross site scripting
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker contributor+ to inject arbitrary web script or HTML via the 'Description/biography' of a member...
WordPress wp-members plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-members is a website membership plugin used in it. Cross-site request forgery vulnerability exists in WordPress wp-member plugin...
Cross site request forgery (csrf)
The wp-members plugin before 3.2.8 for WordPress has CSRF...
PT-2019-14328 · WordPress · Wp-Members Plugin
Name of the Vulnerable Software and Affected Versions: wp-members plugin versions prior to 3.2.8 Description: The issue concerns a CSRF problem. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited...
WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)
No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...
WordPress WP-Members Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP-Members plugin version 3.1.8. A remote attacker c...
WordPress Members Plugin <= 2.8.9 - Reflected XSS
This plugin is prone to a cross site scripting vulnerability in wp-login.php. Solution Update the plugin...
WordPress Members Plugin <= 2.8.9 - Stored XSS
This plugin is prone to a cross site scripting vulnerability in profile.php. Solution Update the plugin...
CVE-2013-2703
Cross-site request forgery CSRF vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings...
CVE-2013-2703
The CVE-2013-2703 entry affects the Facebook Members WordPress plugin prior to version 5.0.5. It is a CSRF flaw that allows remote attackers to hijack the administrator’s authenticated session and perform requests that modify the plugin’s settings. The issue originates from requests that can alte...
WordPress Facebook Members Plugin <= 5.0.4 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that modify this plugin's settings. Solution Update the plugin...