86 matches found
EUVD-2023-43703
Malicious code in bioql PyPI...
EUVD-2024-32693
Malicious code in bioql PyPI...
EUVD-2023-37486
Malicious code in bioql PyPI...
CVE-2024-27995
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restrictio...
CVE-2024-7703
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-4133
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirectto parameter. This...
CVE-2023-33323
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARMember plugin = 4.0.2 versions...
CVE-2023-3011
The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the armcheckusercap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized action...
CVE-2022-47421
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARMember free, Repute InfoSystems ARMember premium plugins...
CVE-2022-1903
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username...
CVE-2022-47140
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARMember plugin = 4.0.1 versions...
CVE-2024-32948
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28...
CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...
CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...
CVE-2024-10681
CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...
CVE-2022-47424 WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...
Exploit for CVE-2024-7703
CVE-2024-7703 markdown CVE-2024-7703 Exploit: Stored Cros...
CVE-2024-7703
ARMember – Membership Plugin for WordPress contains a Stored XSS via SVG uploads in all versions up to 4.0.37, exploitable by authenticated users with Subscriber+ privileges; pages loaded from the SVG can execute scripts on access. Red Hat and Wordfence references confirm the issue and note patch...
PT-2024-38523 · Armember · Armember
Name of the Vulnerable Software and Affected Versions: The ARMember – Membership Plugin versions up to, and including, 4.0.37 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
ARMember < 4.0.28 - Directory Traversal via X-FILENAME
Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...