2 matches found
WordPress Simple Membership <4.1.1 - Cross-Site Scripting
WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions. id: CVE-2022-1724 info: name: WordPress Simple Membership 4.1.1 - Cross-Site Scripting author:...
CVE-2022-1724
The CVE-2022-1724 entry concerns the WordPress Simple Membership plugin (versions prior to 4.1.1). The issue is a reflected Cross-Site Scripting vulnerability in which parameters are not properly sanitized/escaped before being echoed in AJAX actions, enabling injection of malicious scripts when a...