CVE-2015-4039
WP Membership <= 1.2.3 - Cross-Site Scripting
Public Exploits: 2
Exploited in Wild: -
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
WordPress WP Membership plugin version 1.2.3 suffers from a stored cross site scripting vulnerability.
Timeline
- 2015-05-19 CVE Reserved
- 2015-05-21 CVE Published
- 2024-03-02 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded | Broken Link | |
http://www.securityfocus.com/bid/74766 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/37074 | 2024-08-06 | |
http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
E-plugins | Wp Membership | 1.2.3 | wordpress | Affected |