9 matches found
CVE-2025-12018
The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-119992
The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12018
The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12018 MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting
The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12018 MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting
The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12018
MembershipWorks – Membership, Events & Directory (WordPress) versions up to and including 6.14 are affected by a stored cross-site scripting vulnerability in admin settings due to inadequate input sanitization and output escaping. Exploitation requires an authenticated attacker with administrator...
WordPress MembershipWorks plugin <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin MembershipWorks versions = 6.14...
WordPress plugin MembershipWorks – Membership, Events & Directory 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...
PT-2025-46568
Name of the Vulnerable Software and Affected Versions MembershipWorks – Membership, Events & Directory plugin for WordPress versions prior to 6.14 Description The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping...