84 matches found
CVE-2022-45083
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...
CVE-2022-45083
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...
CVE-2022-45083 WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...
CVE-2023-44150
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login...
CVE-2023-44150
CVE-2023-44150 affects ProfilePress (Paid Membership Plugin) for WordPress; versions
CVE-2023-47668
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin = 3.2.7 versions...
CVE-2023-47668
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin = 3.2.7 versions...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin = 3.2.7 versions...
CVE-2023-47668
The CVE concerns the StellarWP Membership Plugin – Restrict Content, affecting versions ≤ 3.2.7. The root cause is exposure of sensitive information to an unauthorised actor via the plugin’s legacy log mechanism (noted as legacy rcp-debug.log exposure). Practical impact is unauthenticated access ...
Restrict Content < 3.2.8 - Information Exposure via legacy log file
Description The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.7 via the legacy log file. This makes it possible for unauthenticated attackers to extract sensitive data including debug information...
WordPress Plugin Membership Plugin - Restrict Content Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Membership Plugin - Restri...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Liquidweb Restrict_Content
CVE-2023-47668 Restrict Content = 3.2.7 - Information Expo...
WordPress Restrict Content Plugin <= 3.2.7 is vulnerable to Sensitive Data Exposure
Software Restrict Content Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-47668 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 1e46aa10dc26 Credits...
WordPress Restrict Content Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)
Software Restrict Content Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29b3be2b2832 Credits Rafie Muhammad Patchstack...
WordPress plugin Membership Plugin - Restrict Content 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Restrict Content Plugin < 3.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Restrict Content Type Plugin Vulnerable versions 3.2.3 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 140b3a291ad3 Credits Unknown Required privilege...
WordPress Restrict Content Plugin < 3.2.3 is vulnerable to Broken Access Control
Software Restrict Content Type Plugin Vulnerable versions 3.2.3 Fixed in 3.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 64157ce6271e Credits Unknown Required privilege Subscrib...
Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged-in admin open a page containing the HTML code below...
CVE-2022-47444 WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin = 4.5.3 versions...