cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5081,https://securityvulnerability.io/vulnerability/CVE-2024-5081,WordPress plugin vulnerable to CSRF and XSS attacks,"The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-08-05T06:00:07.283Z,0
CVE-2024-5744,https://securityvulnerability.io/vulnerability/CVE-2024-5744,Plugin vulnerability could lead to Reflected Cross-Site Scripting in old web browsers,"The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:13.171Z,0
CVE-2024-5715,https://securityvulnerability.io/vulnerability/CVE-2024-5715,Reflected Cross-Site Scripting Vulnerability in wp-eMember Plugin,"The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:12.983Z,0
CVE-2024-5080,https://securityvulnerability.io/vulnerability/CVE-2024-5080,Arbitrary File Upload Vulnerability in wp-eMember WordPress Plugin,"The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:09.543Z,0
CVE-2024-5079,https://securityvulnerability.io/vulnerability/CVE-2024-5079,Unauthenticated Stored Cross-Site Scripting (XSS) Vulnerability in wp-eMember Plugin,"The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:09.333Z,0
CVE-2024-5077,https://securityvulnerability.io/vulnerability/CVE-2024-5077,Unsanitized Logged-in Admin Payloads,"The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:09.142Z,0
CVE-2024-5076,https://securityvulnerability.io/vulnerability/CVE-2024-5076,Unprotected CSRF Vulnerability in wp-eMember Plugin Could Allow Attackers to Trigger Unwanted Actions,"The wp-eMember plugin for WordPress has a vulnerability that arises from the absence of Cross-Site Request Forgery (CSRF) checks in multiple locations. This flaw permits attackers to exploit sessions of logged-in users, enabling them to execute unwanted or harmful actions without explicit consent. This security oversight necessitates prompt updates to safeguard against potential exploitation.",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:08.934Z,0
CVE-2024-5075,https://securityvulnerability.io/vulnerability/CVE-2024-5075,High Privilege Users at Risk of Reflected Cross-Site Scripting (XSS) through wp-eMember Plugin,"The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:08.729Z,0
CVE-2024-5074,https://securityvulnerability.io/vulnerability/CVE-2024-5074,Unsecured Plugin Leads to Reflected Cross-Site Scripting,"The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:08.534Z,0
CVE-2024-4749,https://securityvulnerability.io/vulnerability/CVE-2024-4749,Reflected Cross-Site Scripting Vulnerability in wp-eMember WordPress Plugin,"The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the ""fieldId"" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.",Wordpress,WP-emember,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-06-04T06:00:02.802Z,0