5 matches found
CVE-2015-4039
Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
CVE-2015-4039
The CVE-2015-4039 entry corresponds to the WordPress WP Membership plugin version 1.2.3, which contains stored XSS vulnerabilities. According to the sources, remote authenticated users can inject arbitrary script or HTML via (1) profile fields or (2) new post content. An additional note indicates...
CVE-2015-4038
The WP Membership plugin for WordPress (version 1.2.3) is affected by CVE-2015-4038: remote authenticated users can escalate privileges to Administrator via the iv_membership_update_user_settings action in wp-admin/admin-ajax.php. The vulnerability stems from improper authorization in that AJAX e...
WordPress WP Membership 1.2.3 Privilege Escalation
Exploit Title: WordPress WP Membership plugin Privilege escalation Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4038 1 Descriptio...