Products
wp-eMember WordPress plugin
- before 10.3.9
Source
contact@wpscan.com
Tags
CVE-2024-4749 details
Published : June 4, 2024, 6:15 a.m.
Last Modified : June 4, 2024, 4:57 p.m.
Last Modified : June 4, 2024, 4:57 p.m.
Description
The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://wpscan.com/vulnerability/6cc05a33-6592-4d35-8e66-9b6a9884df7e/ | contact@wpscan.com |
This website uses the NVD API, but is not approved or certified by it.