Show filters
17 Total Results
Displaying 11-17 of 17
Sort by:
Attacker Value
Unknown
CVE-2022-2273
Disclosure Date: August 01, 2022 (last updated October 08, 2023)
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
0
Attacker Value
Unknown
CVE-2022-1724
Disclosure Date: June 13, 2022 (last updated October 07, 2023)
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
0
Attacker Value
Unknown
CVE-2022-0681
Disclosure Date: March 21, 2022 (last updated February 23, 2025)
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack
0
Attacker Value
Unknown
CVE-2022-0328
Disclosure Date: February 28, 2022 (last updated February 23, 2025)
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
0
Attacker Value
Unknown
CVE-2016-10884
Disclosure Date: August 14, 2019 (last updated November 27, 2024)
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
0
Attacker Value
Unknown
CVE-2017-18499
Disclosure Date: August 12, 2019 (last updated November 27, 2024)
The simple-membership plugin before 3.5.7 for WordPress has XSS.
0
Attacker Value
Unknown
CVE-2019-14328
Disclosure Date: July 28, 2019 (last updated November 27, 2024)
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
0
