CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10547 – WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10547
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 https://www.wordfence.com/threat-intel/vulnerabilities/id/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2020-36666 – Multiple e-plugins - Subscriber+ Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-36666
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable. Multiple plugins by the vendor E-plugins are vulnerable to privilege escalation due to insufficient restriction on several functions called via AJAX actions that set a user's role based on supplied role information. This makes it possible authenticated, subscriber-level and above attackers to elevate their privileges to that of an administrator. • https://codecanyon.net/user/e-plugins https://wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2015-4039 – WP Membership <= 1.2.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-4039
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin WP Membership versión 1.2.3 para WordPress, permiten a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de (1) los campos de perfil o (2) un nuevo contenido de publicación, no especificados. NOTA: CVE-2015-4038 puede ser usado para omitir el paso de confirmación del administrador para el vector 2. WordPress WP Membership plugin version 1.2.3 suffers from a stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/37074 http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded http://www.securityfocus.com/bid/74766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •