104 matches found
WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions v10.7.0...
CVE-2024-5081
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5081
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5081 WP eMember <= v10.7.0 - Stored XSS via CSRF
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5081
CVE-2024-5081 affects the WordPress plugin WP eMember , specifically versions prior to 10.7.0. The Red Hat advisory and NVD/NVD-derived entries state the vulnerability arises from lack of CSRF checks in some areas and missing sanitization/escaping, allowing a logged-in administrator to store Stor...
PT-2024-34418 · WordPress · Wp-Emember
Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.7.0 Description: The issue concerns a lack of CSRF check in some areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads...
WordPress plugin wp-eMember 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WP eMember plugin < 10.6.7 - Reflected XSS via Member Edit vulnerability
Reflected XSS via Member Edit vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...
WordPress WP eMember plugin < 10.6.6 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...
WordPress WP eMember plugin < 10.6.7 - Unauthenticated Stored XSS via Member Registration vulnerability
Unauthenticated Stored XSS via Member Registration vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...
WordPress WP eMember plugin < 10.6.6 - Stored XSS in Blacklist via CSRF vulnerability
Stored XSS in Blacklist via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...
WordPress WP eMember plugin < 10.6.6 - Bulk Delete via CSRF vulnerability
Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...
WordPress WP eMember plugin < 10.6.6 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by kauenavarro in WordPress Plugin WP eMember versions 10.6.6...
CVE-2024-5744
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5077
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5080
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
CVE-2024-5079
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-5079
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-5080
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
CVE-2024-5074
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...