19 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3. The Simple Membership plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.5.3. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. • https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-5-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6. The Simple Membership After Login Redirection plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6. This is due to insufficient validation on the redirect url supplied via the 'swpm_redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. • https://patchstack.com/database/vulnerability/simple-membership-after-login-redirection/wordpress-simple-membership-after-login-redirection-plugin-1-6-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en smp7, wp.Insider Simple Membership. Este problema afecta a Simple Membership: desde n/a hasta 4.4.1. The Simple Membership plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.4.1. This is due to insufficient validation on the redirect url supplied via the swpm_page_url parameter. • https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8. Neutralización incorrecta de la entrada durante la vulnerabilidad de generación de páginas web ('Cross site scripting') en smp7, wp.Insider Simple Membership permite XSS reflejado. Este problema afecta a Simple Membership: desde n/a hasta 4.3.8. The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to 4.3.9 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Simple Membership para WordPress es vulnerable a Cross-Site Scripting reflejado a través del parámetro 'environment_mode' en todas las versiones hasta la 4.3.8 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutan si logran engañar a un usuario para que realice una acción como hacer clic en un enlace. • https://plugins.trac.wordpress.org/changeset/3010737/simple-membership https://www.wordfence.com/threat-intel/vulnerabilities/id/366165fe-93e5-49ab-b2e5-1de624f22286?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •