CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41472
https://notcve.org/view.php?id=CVE-2021-41472
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. Una vulnerabilidad de inyección SQL en Sourcecodester Simple Membership System versión v1 por oretnom23, permite a atacantes ejecutar comandos SQL arbitrarios por medio de los parámetros username y password • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/razormist • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14328 – Simple Membership <= 3.8.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-14328
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. El plugin Simple Membership anterior a versión 3.8.5 para WordPress, presenta un problema de tipo CSRF que afecta a la sección Bulk Operation. WordPress Simple Membership plugin version 3.8.4 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47182 http://packetstormsecurity.com/files/153801/WordPress-Simple-Membership-3.8.4-Cross-Site-Request-Forgery.html https://wordpress.org/plugins/simple-membership/#developers https://wpvulndb.com/vulnerabilities/9482 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18499 – Simple Membership <= 3.5.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18499
The simple-membership plugin before 3.5.7 for WordPress has XSS. El plugin simple-membership anterior a la versión 3.5.7 para WordPress tiene XSS. The Simple Membership plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.5.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/simple-membership/#developers https://wpvulndb.com/vulnerabilities/9718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10884 – Simple Membership <= 3.3.2 - Multiple Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10884
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. El plugin simple add-pages-or-posts versiones anteriores a 1.7 para WordPress, presenta una vulnerabilidad de tipo CSRF para eliminar usuarios. The Simple Membership plugin for WordPress is vulnerable to multiple Cross-Site Request Forgery attacks in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain administrative access and perform otherwise restricted actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/simple-membership/#developers https://wpvulndb.com/vulnerabilities/9744 • CWE-352: Cross-Site Request Forgery (CSRF) •