CVE-2024-4749 — Cross-site Scripting in WP Emember

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.2%

top 60.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tipsandtricks-hq WP Emember

Timeline

PublishedJun 4

Description

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.7

Affected Packages1 packages

▶NVDtipsandtricks-hq/wp_emember< 10.3.9

🔴Vulnerability Details

GHSA

GHSA-4x3h-fqm2-2c9h: The wp-eMember WordPress plugin before 10↗2024-06-04

▶

CVEList

WP eMember < 10.3.9 - Reflected XSS↗2024-06-04

▶