CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/19 5:20 a.m.•1 views

CVE-2026-28070 WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.8AI score0.00014EPSS

Cvelist•added 2026/03/19 5:20 a.m.•23 views

CVE-2026-28070 WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS0.00014EPSS

CNNVD•added 2026/03/19 12:0 a.m.•2 views

WordPress plugin WP eMember 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00045EPSS

Patchstack•added 2026/02/03 10:56 a.m.•3 views

WordPress WP eMember plugin < 10.6.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...

6.8CVSS5.3AI score0.00466EPSS

Patchstack•added 2026/02/02 7:50 a.m.•3 views

WordPress WP eMember plugin < 10.6.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

5.9CVSS5.3AI score0.00264EPSS

RedhatCVE•added 2025/05/23 10:22 a.m.•2 views

CVE-2024-5081

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00259EPSS

Exploits1

RedhatCVE•added 2025/05/23 8:42 a.m.•2 views

CVE-2024-5075

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.9CVSS6.1AI score0.00264EPSS

RedhatCVE•added 2025/05/23 8:42 a.m.•3 views

CVE-2024-5079

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS6AI score0.02007EPSS

RedhatCVE•added 2025/05/23 8:41 a.m.•3 views

CVE-2024-5074

5.4CVSS6.1AI score0.00255EPSS

RedhatCVE•added 2025/05/23 8:28 a.m.•5 views

CVE-2024-5715

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00193EPSS

RedhatCVE•added 2025/05/23 8:27 a.m.•1 views

CVE-2024-5744

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.8CVSS6.3AI score0.00466EPSS

Patchstack•added 2024/08/05 7:12 a.m.•2 views

WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions v10.7.0...

6.1CVSS6AI score0.00259EPSS

Vulnrichment•added 2024/08/05 6:0 a.m.•12 views

CVE-2024-5081 WP eMember <= v10.7.0 - Stored XSS via CSRF

5.9AI score0.00259EPSS

Patchstack•added 2024/07/15 2:46 a.m.•3 views

WordPress WP eMember plugin < 10.6.7 - Unauthenticated Stored XSS via Member Registration vulnerability

Unauthenticated Stored XSS via Member Registration vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...

6.1CVSS6AI score0.02007EPSS

Patchstack•added 2024/07/15 2:45 a.m.•1 views

WordPress WP eMember plugin < 10.6.6 - Stored XSS in Blacklist via CSRF vulnerability

Stored XSS in Blacklist via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

6.8CVSS6.1AI score0.00202EPSS

OSV•added 2024/07/13 6:15 a.m.•0 views

CVE-2024-5076

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS5.8AI score