Reflected Cross-Site Scripting Vulnerability in Simple Membership Plugin for WordPress
CVE-2023-4719

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 6 September 2023

Summary

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'list_type' parameter in versions up to and including 4.3.5. The flaw stems from insufficient input sanitization and output escaping. An attacker can inject malicious scripts into a page, which can lead a user to perform unintended actions if the user is lured into clicking a crafted link. Users and maintainers should update the plugin to a version later than 4.3.5.

Affected Version(s)

Simple Membership * <= 4.3.5

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FearZzZz