CVE-2024-47378 WordPress WPCOM Member plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This issue affects WPCOM Member: from n/a through = 1.5.4...

CVE-2024-47378 WordPress WPCOM Member plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4...

CVE-2024-47378

CVE-2024-47378: WordPress WPCOM Member plugin ≤1.5.4 is affected by a reflected XSS caused by improper neutralization of input during web page generation. Public sources (Patchstack, Red Hat advisory, CVE records) confirm the issue and name WPCOM Member as affected through 1.5.4. Mitigation per s...

PT-2024-32596 · Unknown · Wpcom Member

Name of the Vulnerable Software and Affected Versions: WPCOM Member versions 1.5.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Reflected XSS. Recommendations: For versions 1.5.4 a...

WordPress plugin WPCOM Member 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress WPCOM Member Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software WPCOM Member Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f883b482d88 Credits Muhamad Agil Fachrian Required...

CVE-2024-7493

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wpinsertuser during registration. This makes it possible for unauthenticated attackers to update their role ...

CVE-2024-7493 WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wpinsertuser during registration. This makes it possible for unauthenticated attackers to update their role ...

CVE-2024-7493

The WPCOM Member plugin for WordPress (versions ≤ 1.5.2.1) is vulnerable to unauthenticated privilege escalation via User Meta. The issue arises because arbitrary data can be passed to wp_insert_user() during registration, enabling an unauthenticated attacker to set their role to Administrator du...

WordPress plugin WPCOM Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

PT-2024-38383 · WordPress · Wpcom Member

Name of the Vulnerable Software and Affected Versions: WPCOM Member plugin for WordPress versions up to 1.5.2.1 Description: The issue is due to the plugin allowing arbitrary data to be passed to wp insert user during registration, making it possible for unauthenticated attackers to update their...

WordPress WPCOM Member Plugin <= 1.5.2.1 is vulnerable to Privilege Escalation

Software WPCOM Member Type Plugin Vulnerable versions = 1.5.2.1 Fixed in 1.5.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-7493 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID db48b9c1d64f Credits wesley...