Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple membership vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-4719
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could i...
Simple-membership-plugin Simple Membership
5.4
CVSSv3
CVE-2022-4469
The Simple Membership WordPress plugin prior to 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
Simple-membership-plugin Simple Membership
4.9
CVSSv3
CVE-2023-0254
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers w...
Simple-membership-plugin Simple Membership Wp User Import
8.8
CVSSv3
CVE-2022-2273
The Simple Membership WordPress plugin prior to 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
Simple-membership-plugin Simple Membership
9.8
CVSSv3
CVE-2022-2317
The Simple Membership WordPress plugin prior to 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.
Simple-membership-plugin Simple Membership
6.1
CVSSv3
CVE-2022-1724
The Simple Membership WordPress plugin prior to 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
Simple-membership-plugin Simple Membership
6.5
CVSSv3
CVE-2022-0681
The Simple Membership WordPress plugin prior to 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow malicious users to make a logged in admin delete arbitrary transactions via a CSRF attack
Simple-membership-plugin Simple Membership
4.7
CVSSv3
CVE-2022-0328
The Simple Membership WordPress plugin prior to 4.0.9 does not have CSRF check when deleting members in bulk, which could allow malicious users to make a logged in admin delete them via a CSRF attack
Simple-membership-plugin Simple Membership
9.8
CVSSv3
CVE-2021-41472
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows malicious users to execute arbitrary SQL commands via the username and password parameters.
Simple Membership System Using Php And Ajax Project Simple Membership System Using Php And Ajax 1.0
5.9
CVSSv3
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Api Gateway 11.1.2.4.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Business Intelligence 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Business Intelligence 12.2.1.4.0
Oracle Enterprise Manager Base Platform 13.3.0.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager For Storage Management 13.4.0.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Mysql
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Oracle Essbase 21.2
5 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »