Reflected Cross-Site Scripting Vulnerability in Simple Membership Plugin for WordPress
CVE-2023-4719
7.2 HIGH
What is CVE-2023-4719?
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'list_type' parameter in versions up to and including 4.3.5. The flaw stems from inadequate input sanitization and output escaping. An attacker can exploit it to inject malicious scripts into web pages, which can cause a user to perform unintended actions if the user is lured into clicking a malicious link. Users and maintainers should update the plugin to protect against this risk.
Affected Version(s)
Simple Membership * <= 4.3.5