The wp-eMember WordPress plugin before v10.7.0 lacks CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-05T06:00:07.283Z

Updated: 2024-08-05T14:41:43.350Z

Reserved: 2024-05-17T19:39:11.828Z

Link: CVE-2024-5081

Vulnrichment

Updated: 2024-08-05T14:40:29.917Z

NVD

Status: Awaiting Analysis

Published: 2024-08-05T06:16:41.383

Modified: 2024-08-05T15:35:16.180

Link: CVE-2024-5081

Redhat

No data.