104 matches found
CVE-2024-5076
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5076
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5715
CVE-2024-5715 affects the wp-eMember WordPress plugin prior to version 10.6.7. The issue is a Reflected Cross-Site Scripting vulnerability caused by insufficient sanitisation/escaping of a parameter before it is echoed back in the page, which can be exploited against high-privilege users such as ...
CVE-2024-5715 WP eMember < 10.6.7 - Reflected XSS via Member Edit
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5077
The CVE-2024-5077 entry concerns the wp-eMember WordPress plugin prior to 10.6.6, which lacks CSRF checks in certain areas and is missing sanitisation and escaping. This could allow a logged-in admin to inject Stored XSS payloads via a CSRF attack. Affected software: wp-eMember
CVE-2024-5080 WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
CVE-2024-5080 WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
CVE-2024-5079 WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-5079
The CVE-2024-5079 entry affects the WordPress plugin wp-eMember (pre-10.6.7). The vulnerability stems from lack of sanitization/escaping of certain fields during member registration, enabling unauthenticated Stored XSS. Impact described as stored XSS with unauthenticated access; affected componen...
CVE-2024-5074
The CVE-2024-5074 entry concerns the WordPress WP eMember plugin (versions prior to 10.6.6). The issue is a failure to sanitise/escape a parameter before echoing it, causing a Reflected Cross-Site Scripting vulnerability that could be exploited against high-privilege users (e.g., admins). The Red...
CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5076
CVE-2024-5076 concerns the WordPress plugin wp-eMember prior to version 10.6.6 . Multiple connected sources confirm a lack of CSRF checks in certain areas, potentially allowing an attacker to trigger unwanted actions by tricking a logged-in user via CSRF attacks. The identified impact is high, wi...
CVE-2024-5075
The CVE is for the WordPress plugin WP eMember prior to version 10.6.6 . The issue is a Reflected XSS caused by failing to properly sanitize and escape a parameter before echoing it on the page. This could be leveraged against high-privilege users (e.g., admins). The available connected sources c...
CVE-2024-5074 WP eMember < 10.6.6 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5075 WP eMember < 10.6.6 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...