Lucene search
K

118 matches found

cnnvd
cnnvd
added 2024/05/17 12:0 a.m.4 views

WordPress plugin s2Member Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS8.5AI score0.00417EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/05/17 12:0 a.m.7 views

PT-2024-23878 · Unknown · S2Member Pro

Name of the Vulnerable Software and Affected Versions: s2Member Pro versions n/a through 240315 Description: The issue is related to Improper Privilege Management, which allows Privilege Escalation. Recommendations: For versions n/a through 240315, update to a version that addresses the Improper...

7.5CVSS9.5AI score0.00417EPSS
Exploits0References4
nvd
nvd
added 2024/04/09 7:15 p.m.17 views

CVE-2024-0899

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers ...

5.3CVSS5.1AI score0.0056EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/04/09 6:59 p.m.12 views

CVE-2024-0899 s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers ...

5.3CVSS7.2AI score0.0056EPSS
Exploits0References2
cvelist
cvelist
added 2024/04/09 6:59 p.m.23 views

CVE-2024-0899 s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers ...

5.3CVSS5.4AI score0.0056EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/04/09 12:0 a.m.6 views

WordPress Plugin s2Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS8.1AI score0.0056EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/04/09 12:0 a.m.5 views

PT-2024-15903 · WordPress · S2Member

Name of the Vulnerable Software and Affected Versions: s2Member plugin for WordPress versions prior to 230816 Description: The issue allows unauthenticated attackers to expose information via the API, making it possible to see the contents of posts and pages. Recommendations: For versions prior t...

5.3CVSS9.5AI score0.0056EPSS
Exploits0References3
patchstack
patchstack
added 2024/04/05 5:16 a.m.6 views

WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin s2Member versions = 240315...

7.5CVSS7AI score0.00417EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/04/05 12:0 a.m.11 views

WordPress s2Member Pro Plugin <= 240315 is vulnerable to Privilege Escalation

Software s2Member Pro Type Plugin Vulnerable versions = 240315 Fixed in 240325 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-31237 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID db2e8d0fde5a Credits Ngô Thiê...

7.5CVSS6.5AI score0.00417EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/03/19 12:0 a.m.11 views

WordPress s2Member Pro Plugin <= 230815 is vulnerable to Sensitive Data Exposure

Software s2Member Pro Type Plugin Vulnerable versions = 230815 Fixed in 240315 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0899 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2b01d6ca4fd7 Credits Francesco Carlucci Required...

5.3CVSS6.9AI score0.0056EPSS
Exploits0References3Affected Software1
wpvulndb
wpvulndb
added 2024/03/18 12:0 a.m.13 views

s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions < 240315 - Information Exposure

Description The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticate...

5.3CVSS6.9AI score0.0056EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2015/05/14 12:0 a.m.14 views

WordPress s2member Secure File Browser Plugin <= 0.4.16 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2.7AI score
Exploits0References1Affected Software1
nvd
nvd
added 2012/03/19 6:55 p.m.17 views

CVE-2011-5082

Cross-site scripting XSS vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2memberproauthnetcheckoutcoupon parameter aka Coupon Code field...

4.3CVSS6AI score0.01959EPSS
Exploits0References4
attackerkb
attackerkb
added 2012/03/19 6:55 p.m.0 views

CVE-2011-5082

Cross-site scripting XSS vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2memberproauthnetcheckoutcoupon parameter aka Coupon Code field...

4.3CVSS5.8AI score0.01959EPSS
Exploits0References5
prion
prion
added 2012/03/19 6:55 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2memberproauthnetcheckoutcoupon parameter aka Coupon Code field...

4.3CVSS6.4AI score0.01959EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2012/03/19 6:0 p.m.26 views

CVE-2011-5082

Cross-site scripting XSS vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2memberproauthnetcheckoutcoupon parameter aka Coupon Code field...

6AI score0.01959EPSS
Exploits0References4
cve
cve
added 2012/03/19 6:0 p.m.44 views

CVE-2011-5082

The CVE-2011-5082 vulnerability affects the WordPress plugin s2Member Pro (before version 111220). An XSS flaw allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (Coupon Code field). This occurs in the plugin’s checkout handling ...

4.3CVSS6.2AI score0.01959EPSS
Exploits0References4Affected Software1
patchstack
patchstack
added 2012/03/19 12:0 a.m.24 views

WordPress s2Member Pro Plugin

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s2memberproauthnetcheckoutcoupon" parameter. Solution Update the plugin...

4.3CVSS3AI score0.01959EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder