Multiple Cross-Site Scripting Vulnerabilities in WP Membership Plugin for WordPress
CVE-2015-4039

5.4MEDIUM

Key Information:

Vendor
Wordpress
Status
WP Membership
Vendor
CVE Published:
6 January 2020

Summary

The WP Membership plugin version 1.2.3 for WordPress has multiple vulnerabilities that allow remote authenticated users to perform arbitrary script injections through various profile fields and new post content. This presents a significant risk as an attacker may exploit these weaknesses to execute malicious scripts in the context of the victim's browser, potentially leading to data theft or unauthorized actions.

References

http://packetstormsecurity.com/files/132011/WordPress-WP-...
x_refsource_MISC
http://www.securityfocus.com/archive/1/archive/1/535586/1...
x_refsource_MISC
https://www.exploit-db.com/exploits/37074/
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.