Lucene search
K

18 matches found

Cvelist
Cvelist
added 2026/01/22 4:52 p.m.19 views

CVE-2025-69193 WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through = 1.6.4...

7.3CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-4067

Malware in sbrugna...

5.4CVSS5.6AI score0.02793EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-43296

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:10 a.m.6 views

CVE-2024-49226

Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through = 2.8.17...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References1
NVD
NVD
added 2024/11/09 8:15 a.m.10 views

CVE-2024-10547

The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the userprofileimageupload function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00829EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.4 views

WordPress plugin WP Membership 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS8.3AI score0.00829EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 2:15 p.m.22 views

CVE-2024-49226

Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through = 2.8.17...

8.8CVSS0.0049EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/16 1:19 p.m.22 views

CVE-2024-49226 WordPress TAKETIN To WP Membership plugin <= 2.8.17 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through = 2.8.17...

8.8CVSS0.0049EPSS
Exploits0References1
CVE
CVE
added 2024/10/16 1:19 p.m.52 views

CVE-2024-49226

CVE-2024-49226 affects TAKETIN To WP Membership (WordPress plugin) up to version 2.8.0. It is a PHP Object Injection (Deserialization of Untrusted Data) vulnerability that can enable arbitrary object injection. Impact is described as high in CVSS (8.8, HIGH) with potential for full compromise of ...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.10 views

WordPress TAKETIN To WP Membership Plugin <= 2.8.1 is vulnerable to PHP Object Injection

Software TAKETIN To WP Membership Type Plugin Vulnerable versions = 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49226 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e430761eddd4 Credits LVT-tholv2k Required privilege...

8.8CVSS8.8AI score0.0049EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/01/06 7:15 p.m.27 views

CVE-2015-4039

Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...

5.4CVSS5.2AI score0.02793EPSS
Exploits2References4
Prion
Prion
added 2020/01/06 7:15 p.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...

3.5CVSS5.6AI score0.08311EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2020/01/06 6:40 p.m.27 views

CVE-2015-4039

Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...

5.2AI score0.02793EPSS
Exploits2References4
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.62 views

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]

Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...

5.2AI score0.02793EPSS
Exploits2
NVD
NVD
added 2015/06/03 8:59 p.m.28 views

CVE-2015-4038

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an ivmembershipupdateusersettings action to wp-admin/admin-ajax.php...

6.5CVSS5.4AI score0.08311EPSS
Exploits3References5
Prion
Prion
added 2015/06/03 8:59 p.m.24 views

Code injection

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an ivmembershipupdateusersettings action to wp-admin/admin-ajax.php...

6.5CVSS5.5AI score0.08311EPSS
Exploits3References5Affected Software1
CVE
CVE
added 2015/06/03 8:0 p.m.68 views

CVE-2015-4038

The WP Membership plugin for WordPress (version 1.2.3) is affected by CVE-2015-4038: remote authenticated users can escalate privileges to Administrator via the iv_membership_update_user_settings action in wp-admin/admin-ajax.php. The vulnerability stems from improper authorization in that AJAX e...

6.5CVSS5.3AI score0.08311EPSS
Exploits3References5Affected Software1
exploitpack
exploitpack
added 2015/05/21 12:0 a.m.17 views

WordPress Plugin WP Membership 1.2.3 - Multiple Vulnerabilities

WordPress Plugin WP Membership 1.2.3 - Multiple Vulnerabilities Exploit Title: WordPress WP Membership plugin Multiple Vulnerabilities Date: 2015/05/19 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link:...

0.3AI score
Exploits0
Rows per page
Query Builder