Lucene search
K

104 matches found

Patchstack
Patchstack
added 2024/08/05 7:12 a.m.5 views

WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions v10.7.0...

6.1CVSS6AI score0.00177EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/08/05 6:16 a.m.4 views

CVE-2024-5081

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/08/05 6:16 a.m.30 views

CVE-2024-5081

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS0.00177EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/05 6:0 a.m.13 views

CVE-2024-5081 WP eMember <= v10.7.0 - Stored XSS via CSRF

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9AI score0.00177EPSS
Exploits1References1
CVE
CVE
added 2024/08/05 6:0 a.m.47 views

CVE-2024-5081

CVE-2024-5081 affects the WordPress plugin WP eMember , specifically versions prior to 10.7.0. The Red Hat advisory and NVD/NVD-derived entries state the vulnerability arises from lack of CSRF checks in some areas and missing sanitization/escaping, allowing a logged-in administrator to store Stor...

6.1CVSS5.6AI score0.00177EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.4 views

PT-2024-34418 · WordPress · Wp-Emember

Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.7.0 Description: The issue concerns a lack of CSRF check in some areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads...

6.1CVSS5.6AI score0.00177EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/05 12:0 a.m.5 views

WordPress plugin wp-eMember 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.7AI score0.00177EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/07/15 2:58 a.m.3 views

WordPress WP eMember plugin < 10.6.7 - Reflected XSS via Member Edit vulnerability

Reflected XSS via Member Edit vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...

7.1CVSS6.3AI score0.00387EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/15 2:46 a.m.4 views

WordPress WP eMember plugin < 10.6.6 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

8.8CVSS7AI score0.00661EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/15 2:46 a.m.4 views

WordPress WP eMember plugin < 10.6.7 - Unauthenticated Stored XSS via Member Registration vulnerability

Unauthenticated Stored XSS via Member Registration vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...

6.1CVSS6AI score0.00373EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/15 2:45 a.m.3 views

WordPress WP eMember plugin < 10.6.6 - Stored XSS in Blacklist via CSRF vulnerability

Stored XSS in Blacklist via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

6.8CVSS6.1AI score0.00216EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/15 2:45 a.m.2 views

WordPress WP eMember plugin < 10.6.6 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

8.8CVSS7AI score0.00328EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/15 2:43 a.m.5 views

WordPress WP eMember plugin < 10.6.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by kauenavarro in WordPress Plugin WP eMember versions 10.6.6...

5.4CVSS6.4AI score0.00403EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/13 6:15 a.m.3 views

CVE-2024-5744

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.8CVSS5.8AI score0.0043EPSS
Exploits1References1
OSV
OSV
added 2024/07/13 6:15 a.m.4 views

CVE-2024-5077

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.8CVSS5.8AI score0.00216EPSS
Exploits1References1
OSV
OSV
added 2024/07/13 6:15 a.m.4 views

CVE-2024-5080

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...

8.8CVSS5.9AI score0.00661EPSS
Exploits1References1
NVD
NVD
added 2024/07/13 6:15 a.m.17 views

CVE-2024-5079

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS0.00373EPSS
Exploits1References1
OSV
OSV
added 2024/07/13 6:15 a.m.2 views

CVE-2024-5079

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.8AI score0.00373EPSS
Exploits1References1
NVD
NVD
added 2024/07/13 6:15 a.m.36 views

CVE-2024-5080

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...

8.8CVSS0.00661EPSS
Exploits1References1
NVD
NVD
added 2024/07/13 6:15 a.m.27 views

CVE-2024-5074

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.4CVSS0.00403EPSS
Exploits1References1
Rows per page
Query Builder