18 matches found
CVE-2025-69193 WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.4...
EUVD-2015-4067
Malware in sbrugna...
EUVD-2024-43296
Malicious code in bioql PyPI...
CVE-2024-49226
Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection. This issue affects TAKETIN To WP Membership: from n/a through <= 2.8.17...
CVE-2024-10547
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the userprofileimageupload function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
WordPress plugin WP Membership code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-49226
Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection. This issue affects TAKETIN To WP Membership: from n/a through <= 2.8.17...
CVE-2024-49226 WordPress TAKETIN To WP Membership plugin <= 2.8.17 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection. This issue affects TAKETIN To WP Membership: from n/a through <= 2.8.17...
CVE-2024-49226
CVE-2024-49226 affects TAKETIN To WP Membership (WordPress plugin) up to version 2.8.0. It is a PHP Object Injection (Deserialization of Untrusted Data) vulnerability that can enable arbitrary object injection. Impact is described as high in CVSS (8.8, HIGH) with potential for full compromise of ...
WordPress TAKETIN To WP Membership Plugin <= 2.8.1 is vulnerable to PHP Object Injection
Software TAKETIN To WP Membership Type Plugin Vulnerable versions <= 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49226 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e430761eddd4 Credits LVT-tholv2k Required privilege...
CVE-2015-4039
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
CVE-2015-4039
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...
CVE-2015-4038
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php...
Code injection
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php...
CVE-2015-4038
The WP Membership plugin for WordPress (version 1.2.3) is affected by CVE-2015-4038: remote authenticated users can escalate privileges to Administrator via the iv_membership_update_user_settings action in wp-admin/admin-ajax.php. The vulnerability stems from improper authorization in that AJAX e...
WordPress Plugin WP Membership 1.2.3 - Multiple Vulnerabilities
WordPress Plugin WP Membership 1.2.3 - Multiple Vulnerabilities Exploit Title: WordPress WP Membership plugin Multiple Vulnerabilities Date: 2015/05/19 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link:...