Lucene search
K

104 matches found

OSV
OSV
added 2024/07/13 6:15 a.m.4 views

CVE-2024-5076

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References1
NVD
NVD
added 2024/07/13 6:15 a.m.13 views

CVE-2024-5076

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.12 views

CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.0043EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.24 views

CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.0043EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.56 views

CVE-2024-5715

CVE-2024-5715 affects the wp-eMember WordPress plugin prior to version 10.6.7. The issue is a Reflected Cross-Site Scripting vulnerability caused by insufficient sanitisation/escaping of a parameter before it is echoed back in the page, which can be exploited against high-privilege users such as ...

7.1CVSS6.5AI score0.00387EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.33 views

CVE-2024-5715 WP eMember < 10.6.7 - Reflected XSS via Member Edit

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.23 views

CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00216EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.10 views

CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9AI score0.00216EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.58 views

CVE-2024-5077

The CVE-2024-5077 entry concerns the wp-eMember WordPress plugin prior to 10.6.6, which lacks CSRF checks in certain areas and is missing sanitisation and escaping. This could allow a logged-in admin to inject Stored XSS payloads via a CSRF attack. Affected software: wp-eMember

6.8CVSS6.3AI score0.00216EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.24 views

CVE-2024-5080 WP eMember < 10.6.6 - Admin+ Arbitrary File Upload

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...

0.00661EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.11 views

CVE-2024-5080 WP eMember < 10.6.6 - Admin+ Arbitrary File Upload

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...

7.3AI score0.00661EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.12 views

CVE-2024-5079 WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1AI score0.00373EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.47 views

CVE-2024-5079

The CVE-2024-5079 entry affects the WordPress plugin wp-eMember (pre-10.6.7). The vulnerability stems from lack of sanitization/escaping of certain fields during member registration, enabling unauthenticated Stored XSS. Impact described as stored XSS with unauthenticated access; affected componen...

6.1CVSS5.9AI score0.00373EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/13 6:0 a.m.54 views

CVE-2024-5074

The CVE-2024-5074 entry concerns the WordPress WP eMember plugin (versions prior to 10.6.6). The issue is a failure to sanitise/escape a parameter before echoing it, causing a Reflected Cross-Site Scripting vulnerability that could be exploited against high-privilege users (e.g., admins). The Red...

5.4CVSS5.3AI score0.00403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.27 views

CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

0.00328EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.50 views

CVE-2024-5076

CVE-2024-5076 concerns the WordPress plugin wp-eMember prior to version 10.6.6 . Multiple connected sources confirm a lack of CSRF checks in certain areas, potentially allowing an attacker to trigger unwanted actions by tricking a logged-in user via CSRF attacks. The identified impact is high, wi...

8.8CVSS8.7AI score0.00328EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/13 6:0 a.m.69 views

CVE-2024-5075

The CVE is for the WordPress plugin WP eMember prior to version 10.6.6 . The issue is a Reflected XSS caused by failing to properly sanitize and escape a parameter before echoing it on the page. This could be leveraged against high-privilege users (e.g., admins). The available connected sources c...

5.9CVSS5.5AI score0.00329EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.14 views

CVE-2024-5074 WP eMember < 10.6.6 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00403EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.10 views

CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.8AI score0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.12 views

CVE-2024-5075 WP eMember < 10.6.6 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00329EPSS
Exploits1References1
Rows per page
Query Builder