Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2025-2221
- EPSS 0.1%
- Veröffentlicht 14.03.2025 07:15:38
- Zuletzt bearbeitet 21.03.2025 14:50:44
The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
6.1
CVE-2024-47378
- EPSS 0.13%
- Veröffentlicht 05.10.2024 15:15:13
- Zuletzt bearbeitet 27.05.2025 19:27:42
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4.
9.8
CVE-2024-7493
- EPSS 0.68%
- Veröffentlicht 06.09.2024 14:15:12
- Zuletzt bearbeitet 26.09.2024 17:41:16
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible ...
1