2 matches found
CVE-2015-4039
The CVE-2015-4039 entry corresponds to the WordPress WP Membership plugin version 1.2.3, which contains stored XSS vulnerabilities. According to the sources, remote authenticated users can inject arbitrary script or HTML via (1) profile fields or (2) new post content. An additional note indicates...
WordPress WP Membership 1.2.3 Cross Site Scripting
Exploit Title: WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...