CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0328 – Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
https://notcve.org/view.php?id=CVE-2022-0328
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack El plugin Simple Membership de WordPress versiones anteriores a 4.0.9, no presenta comprobación de tipo CSRF cuando son eliminados miembros en masa, lo que podría permitir a atacantes hacer que un administrador conectado los elimine por medio de un ataque de tipo CSRF • https://plugins.trac.wordpress.org/changeset/2662855 https://wpscan.com/vulnerability/44532b7c-4d0d-4959-ada4-733f377d6ec9 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14328 – Simple Membership <= 3.8.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-14328
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. El plugin Simple Membership anterior a versión 3.8.5 para WordPress, presenta un problema de tipo CSRF que afecta a la sección Bulk Operation. WordPress Simple Membership plugin version 3.8.4 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47182 http://packetstormsecurity.com/files/153801/WordPress-Simple-Membership-3.8.4-Cross-Site-Request-Forgery.html https://wordpress.org/plugins/simple-membership/#developers https://wpvulndb.com/vulnerabilities/9482 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18499 – Simple Membership <= 3.5.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18499
The simple-membership plugin before 3.5.7 for WordPress has XSS. El plugin simple-membership anterior a la versión 3.5.7 para WordPress tiene XSS. The Simple Membership plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.5.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/simple-membership/#developers https://wpvulndb.com/vulnerabilities/9718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10884 – Simple Membership <= 3.3.2 - Multiple Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10884
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. El plugin simple add-pages-or-posts versiones anteriores a 1.7 para WordPress, presenta una vulnerabilidad de tipo CSRF para eliminar usuarios. The Simple Membership plugin for WordPress is vulnerable to multiple Cross-Site Request Forgery attacks in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain administrative access and perform otherwise restricted actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/simple-membership/#developers https://wpvulndb.com/vulnerabilities/9744 • CWE-352: Cross-Site Request Forgery (CSRF) •