3 matches found
CVE-2024-1852
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2024-1852
CVE-2024-1852 is a stored XSS in the WP-Members Membership Plugin for WordPress, exploitable via the X-Forwarded-For header. The vulnerability stems from using user-controlled HTTP headers to populate the wpmem_get_user_ip() data, which can be stored and later rendered on the admin user profile p...
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...