Cross-Site Scripting Vulnerabilities in iMember360 Plugin by WordPress
CVE-2014-3842

Currently unrated

Key Information:

Vendor

Wordpress
Status
Imember360
Vendor
CVE Published:
22 May 2014

What is CVE-2014-3842?

The iMember360 plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to inject arbitrary web scripts or HTML code into the application. These weaknesses arise primarily through unsafe handling of the 'decrypt' and 'encrypt' parameters, which could lead to severe security implications, including information disclosure and unauthorized actions performed on behalf of legitimate users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/58094
third-party-advisoryx_refsource_SECUNIA
http://packetstormsecurity.com/files/126324/WordPress-iMe...
x_refsource_MISC
http://www.exploit-db.com/exploits/33076
exploitx_refsource_EXPLOIT-DB

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.