14 matches found
CVE-2025-13313
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrm_changepassword AJAX action. This makes it possible for unauthenticated attackers...
CVE-2025-13313 CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrm_changepassword AJAX action. This makes it possible for unauthenticated attackers...
CVE-2025-13313
The CRM Memberships WordPress plugin is vulnerable in versions up to 2.5 due to missing authorization checks on the ntzcrm_changepassword AJAX action and an unauthenticated ntzcrm_get_users endpoint, enabling unauthenticated password resets and enumeration of subscriber emails. This can grant att...
EUVD-2025-201340
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the ntzcrm_changepassword AJAX action. This makes it possible for unauthenticated attackers...
CVE-2025-13313 CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrm_changepassword AJAX action. This makes it possible for unauthenticated attackers...
PT-2025-49192
Name of the Vulnerable Software and Affected Versions: WordPress CRM Memberships plugin versions up to and including 2.5. Description: The CRM Memberships plugin for WordPress is susceptible to privilege escalation through a password reset function. The issue stems from a lack of proper authorizatio...
WordPress plugin CRM Memberships security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2023-27427
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions...
CVE-2023-27427
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions...
CVE-2023-27427
CVE-2023-27427 concerns the WordPress NTZApps CRM Memberships plugin (
CVE-2023-27427 WordPress CRM Memberships Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions...
WordPress plugin CRM Memberships cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CRM Memberships <= 1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress CRM Memberships Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software: CRM Memberships; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27427; Patch priority: Low; CVSS severity: Low (5.9); PSID: 152ce6558832; Credits: Pavitra Tiwari; Required...