55 matches found
CVE-2024-5076
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5076
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5715 WP eMember < 10.6.7 - Reflected XSS via Member Edit
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5080 WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
CVE-2024-5077
The CVE-2024-5077 entry concerns the wp-eMember WordPress plugin prior to 10.6.6, which lacks CSRF checks in certain areas and is missing sanitisation and escaping. This could allow a logged-in admin to inject Stored XSS payloads via a CSRF attack. Affected software: wp-eMember
CVE-2024-5079 WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5076 WP eMember < 10.6.6 - Bulk Delete via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5075
The CVE is for the WordPress plugin WP eMember prior to version 10.6.6 . The issue is a Reflected XSS caused by failing to properly sanitize and escape a parameter before echoing it on the page. This could be leveraged against high-privilege users (e.g., admins). The available connected sources c...
CVE-2024-5074 WP eMember < 10.6.6 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5076
CVE-2024-5076 concerns the WordPress plugin wp-eMember prior to version 10.6.6 . Multiple connected sources confirm a lack of CSRF checks in certain areas, potentially allowing an attacker to trigger unwanted actions by tricking a logged-in user via CSRF attacks. The identified impact is high, wi...
CVE-2024-5075 WP eMember < 10.6.6 - Reflected XSS
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5074
The CVE-2024-5074 entry concerns the WordPress WP eMember plugin (versions prior to 10.6.6). The issue is a failure to sanitise/escape a parameter before echoing it, causing a Reflected Cross-Site Scripting vulnerability that could be exploited against high-privilege users (e.g., admins). The Red...
WordPress plugin wp-eMember security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in...
WordPress plugin wp-eMember security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-34406 · WordPress · Wp-Emember
Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.6.6 Description: The issue concerns the lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...