Wp Emember Security Vulnerabilities and Issues — Wp Emember CVE List

Lucene search

Tipsandtricks-hqWp Emember

3 matches found

CVE•added 2024/07/13 6:15 a.m.•44 views

CVE-2024-5080

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server

8.8CVSS8.8AI score0.00484EPSS

CVE•added 2024/07/13 6:15 a.m.•37 views

CVE-2024-5076

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

8.8CVSS8.7AI score0.00066EPSS

CVE•added 2024/06/04 6:15 a.m.•21 views

CVE-2024-4749

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

8.3CVSS8.7AI score0.00127EPSS