Lucene search
K

35 matches found

Vulnrichment
Vulnrichment
added 2025/05/17 9:22 a.m.7 views

CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemusermemberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00344EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/17 9:22 a.m.25 views

CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemusermemberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00344EPSS
Exploits0References5
CVE
CVE
added 2025/05/17 9:22 a.m.36 views

CVE-2025-4610

CVE-2025-4610 affects the WP-Members Membership Plugin for WordPress (versions up to and including 3.5.2). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpmem_user_memberships shortcode caused by insufficient input sanitization and output escaping of user-provided attributes. E...

6.4CVSS5.7AI score0.00344EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.4 views

WordPress plugin WP-Members Membership Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.4CVSS6.5AI score0.00344EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/05/17 12:0 a.m.7 views

PT-2025-21782 · WordPress · Wp-Members Membership Plugin

Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions up to, and including, 3.5.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpmem user memberships shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6.1AI score0.00344EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/05/16 10:13 p.m.8 views

WordPress WP-Members plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpmemusermemberships Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin WP-Members versions = 3.5.2...

6.4CVSS6.3AI score0.00344EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/25 12:15 p.m.3 views

CVE-2024-10374

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemloginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

5.4CVSS5.9AI score0.00434EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.10 views

WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software WP-Members Type Plugin Vulnerable versions = 3.4.9.5 Fixed in 3.4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b793b5e43f7e Credits Peter Thaleikis Required...

6.4CVSS5.7AI score0.00434EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/22 9:32 a.m.21 views

CVE-2024-9231 WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.5AI score0.0043EPSS
Exploits0References4
Prion
Prion
added 2024/03/08 6:15 a.m.13 views

Cross site scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.5CVSS5.9AI score0.00355EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/04 3:30 a.m.2 views

CVE-2023-6733 WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...

6.5CVSS6.8AI score0.0044EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/29 12:0 a.m.4 views

WordPress wp-members plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-members is a website membership plugin used in it. Cross-site request forgery vulnerability exists in WordPress wp-member plugin...

8.8CVSS6.7AI score0.0068EPSS
Exploits1References1
Prion
Prion
added 2019/08/27 1:15 p.m.19 views

Cross site request forgery (csrf)

The wp-members plugin before 3.2.8 for WordPress has CSRF...

6.8CVSS8.7AI score0.0068EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/27 12:0 a.m.6 views

PT-2019-14328 · WordPress · Wp-Members Plugin

Name of the Vulnerable Software and Affected Versions: wp-members plugin versions prior to 3.2.8 Description: The issue concerns a CSRF problem. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited...

8.8CVSS7AI score0.0068EPSS
Exploits1References4
wpexploit
wpexploit
added 2019/06/13 12:0 a.m.30 views

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...

6.8CVSS0.8AI score0.0068EPSS
Exploits1References1
Rows per page
Query Builder