CVE-2024-5079

CWE-79 — Cross-site Scripting (XSS)CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

6.1MEDIUM

EPSS

2.0%

top 16.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Wp-emember Tipsandtricks-hq WP Emember

Timeline

PublishedJul 13

Latest updateAug 17

Description

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/wp-emember< 10.6.7

▶NVDtipsandtricks-hq/wp_emember< 10.6.7

🔴Vulnerability Details

CVEList

WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration↗2024-07-13

▶

GHSA

GHSA-8f8c-jjv7-xm6r: The wp-eMember WordPress plugin before 10↗2024-07-13

▶

📋Vendor Advisories

Red Hat

kernel: ext4: check dot and dotdot of dx_root before making dir indexed↗2024-08-17

▶