The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-08-05T06:00:07.283Z
Updated: 2024-08-05T14:41:43.350Z
Reserved: 2024-05-17T19:39:11.828Z
Link: CVE-2024-5081
Vulnrichment
Updated: 2024-08-05T14:40:29.917Z
NVD
Status : Awaiting Analysis
Published: 2024-08-05T06:16:41.383
Modified: 2024-08-05T15:35:16.180
Link: CVE-2024-5081
Redhat
No data.