EUVD-2024-46298

Malicious code in bioql PyPI...

EUVD-2024-46294

Malicious code in bioql PyPI...

EUVD-2025-12294

Malicious code in bioql PyPI...

EUVD-2024-46295

Malicious code in bioql PyPI...

EUVD-2024-17166

Malicious code in bioql PyPI...

CVE-2024-5024

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'meprscreenname' and 'meprkey' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-1412

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-5025

The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-39407 WordPress Memberpress plugin < 1.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0...

CVE-2025-39407 WordPress Memberpress plugin < 1.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0...

CVE-2024-11299

The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

CVE-2024-11299

The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

CVE-2024-11299

CVE-2024-11299 (Memberpress for WordPress) affects WordPress Memberpress plugin versions up to and including 1.11.37. The issue is an unauthenticated content-restriction bypass via WordPress core search, enabling attackers to exfiltrate sensitive data from restricted posts (e.g., those limited to...

PT-2025-17519 · WordPress · Memberpress

Name of the Vulnerable Software and Affected Versions: Memberpress plugin for WordPress versions up to, and including, 1.11.37 Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts, such as those limited to higher-level roles like administrators,...

PT-2025-17528 · Caseproof · Memberpress

Name of the Vulnerable Software and Affected Versions: Memberpress versions 1.11.37 and earlier Description: The issue affects the Memberpress plugin, allowing for Reflected Cross-site Scripting XSS. This occurs due to improper neutralization of input during web page generation. Recommendations:...

CVE-2024-5031

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary...

CVE-2024-5024

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'meprscreenname' and 'meprkey' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-5024

CVE-2024-5024 concerns the MemberPress WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw that can be triggered via the mepr_screenname and mepr_key parameters in pages that trigger user actions. It affects all versions up to and including 1.11.29 (per the initial ...

WordPress MemberPress plugin <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters vulnerability

Reflected Cross-Site Scripting via meprscreenname and meprkey Parameters vulnerability discovered by stealthcopter in WordPress Plugin MemberPress versions = 1.11.29...

WordPress Memberpress Plugin <= 1.11.29 is vulnerable to Cross Site Scripting (XSS)

Software Memberpress Type Plugin Vulnerable versions = 1.11.29 Fixed in 1.11.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5024 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 953c2af8a753 Credits stealthcopter...