Lucene search
K

104 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 5:20 a.m.2 views

CVE-2026-28070 WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:20 a.m.2 views

CVE-2026-28070

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 5:20 a.m.9 views

CVE-2026-28070

The CVE concerns the WordPress WP eMember plugin ≤ v10.2.2, where a Missing Authorization vulnerability enables exploitation of misconfigured access control security levels. Affected component is the WP eMember access control mechanism, with root cause described as broken access control. CVSS 3.1...

5.3CVSS5.2AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 5:18 a.m.13 views

CVE-2026-28073

CVE-2026-28073: Reflected Cross-Site Scripting in Tips and Tricks HQ WP eMember (WP eMember) affecting WP eMember versions from n/a through 10.2.2. Description and related feeds confirm the vulnerability as a Reflected XSS due to improper input neutralization during web page generation. Public re...

7.1CVSS5.2AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 5:18 a.m.30 views

CVE-2026-28073 WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

7.1CVSS0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:18 a.m.8 views

CVE-2026-28073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/19 5:18 a.m.1 views

CVE-2026-28073 WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26252

CVE-2026-28070 Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMe… https://t.co/cBQ3xQEZIl...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

WordPress plugin WP eMember 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.3 views

PT-2026-26253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

WordPress plugin WP eMember 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/02 8:28 a.m.6 views

WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WP eMember versions = v10.2.2...

7.1CVSS5.9AI score0.00149EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/03 10:56 a.m.5 views

WordPress WP eMember plugin < 10.6.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...

6.8CVSS5.3AI score0.0043EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:50 a.m.6 views

WordPress WP eMember plugin < 10.6.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

5.9CVSS5.3AI score0.00329EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:22 a.m.6 views

CVE-2024-5081

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.18 views

CVE-2024-5075

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.9CVSS6.1AI score0.00329EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.7 views

CVE-2024-5079

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS6AI score0.00373EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.7 views

CVE-2024-5074

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.4CVSS6.1AI score0.00403EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:28 a.m.8 views

CVE-2024-5715

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.3 views

CVE-2024-5744

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.8CVSS6.3AI score0.0043EPSS
Exploits1References1
Rows per page
Query Builder