CVE-2024-31237 – WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-31237
Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315. Una vulnerabilidad de gestión de privilegios incorrecta en WP Sharks s2Member Pro permite la escalada de privilegios. Este problema afecta a s2Member Pro: desde n/a hasta 240315. The s2Member plugin for WordPress is vulnerable to limited privilege escalation in versions up to, and including, 240315. This is due to insufficient controls during user registration. • https://patchstack.com/database/vulnerability/s2member/wordpress-s2member-plugin-240315-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2011-5082 – s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5082
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field). Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el plugin de WordPress 's2Member Pro' antes de v111220 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s2member_pro_authnet_checkout [coupon](también conocido como Código de cupón). • http://secunia.com/advisories/47954 http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982 http://www.securityfocus.com/bid/51997 https://exchange.xforce.ibmcloud.com/vulnerabilities/73202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •