2 matches found
PT-2024-36791 · Unknown +1 · Wp Social Stream +1
Name of the Vulnerable Software and Affected Versions: Socialstream versions prior to 6.2
Description: The issue arises when linking a social account to an already authenticated user, as there is a lack of a confirmation step, introducing a security risk. This risk is increased if -stateless is...
CVE-2015-4039
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...