RSS   Vulnerabilities for 'Simple membership'   RSS

2022-06-13
 
CVE-2022-1724

CWE-79
 

 
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting

 
2022-03-21
 
CVE-2022-0681

CWE-352
 

 
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack

 
2022-02-28
 
CVE-2022-0328

CWE-352
 

 
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

 
2019-08-14
 
CVE-2016-10884

CWE-352
 

 
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.

 
2019-08-12
 
CVE-2017-18499

CWE-79
 

 
The simple-membership plugin before 3.5.7 for WordPress has XSS.

 
2019-07-28
 
CVE-2019-14328

CWE-352
 

 
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.

 


Copyright 2024, cxsecurity.com

 

Back to Top