WP eMember
WP eMember through version 10.2.2 contains an authorization bypass flaw that allows unauthenticated remote attackers to circumvent access control restrictions and view protected content. The vulnerability stems from improper validation of security level configurations, enabling unauthorized information disclosure without user interaction. No patch is currently available for this issue.
A reflected cross-site scripting (XSS) vulnerability exists in the WP eMember WordPress plugin by Tips and Tricks HQ, affecting all versions up to and including 10.2.2. An attacker can craft malicious URLs that, when clicked by authenticated users, execute arbitrary JavaScript in the victim's browser context. This vulnerability has been publicly disclosed by Patchstack with no indication of active exploitation in the wild or KEV listing at this time.