2 matches found
CVE-2022-4939
The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...
New User Approve < 2.4.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. With the Membership settings /wp-admin/options-general.php disabled: https://example.com/wp-admin/index.php?a"alert/XSS/...