CVE-2024-5744

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.5%

top 35.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Wp-emember Tipsandtricks-hq WP Emember

Timeline

PublishedJul 13

Description

The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:LExploitability: 2.1 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5unknown/wp-emember< 10.6.7

▶NVDtipsandtricks-hq/wp_emember< 10.6.7

🔴Vulnerability Details

GHSA

GHSA-2cp6-jcj8-ghrh: The wp-eMember WordPress plugin before 10↗2024-07-13

▶

CVEList

WP eMember < 10.6.7 - Reflected XSS↗2024-07-13

▶