Cross-Site Scripting Vulnerabilities in iMember360 Plugin by WordPress
CVE-2014-3842

Currently unrated

Key Information:

Vendor: Wordpress
Status: Imember360
Vendor: CVE Published:; 22 May 2014

Summary

The iMember360 plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to inject arbitrary web scripts or HTML code into the application. These weaknesses arise primarily through unsafe handling of the 'decrypt' and 'encrypt' parameters, which could lead to severe security implications, including information disclosure and unauthorized actions performed on behalf of legitimate users.

References

http://secunia.com/advisories/58094

third-party-advisoryx_refsource_SECUNIA

http://packetstormsecurity.com/files/126324/WordPress-iMe...

x_refsource_MISC

http://www.exploit-db.com/exploits/33076

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 22, 2014