Vulnerabilities > Butlerblog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-10374 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-22 | CVE-2024-9231 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. | 6.1 |
| 2024-01-04 | CVE-2023-6733 | Missing Authorization vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. | 6.5 |
| 2023-07-12 | CVE-2023-2869 | Unspecified vulnerability in Butlerblog Wp-Members The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. | 4.3 |
| 2019-08-27 | CVE-2019-15660 | Cross-Site Request Forgery (CSRF) vulnerability in Butlerblog Wp-Members The wp-members plugin before 3.2.8 for WordPress has CSRF. | 8.8 |
| 2017-07-07 | CVE-2017-2222 | Cross-site Scripting vulnerability in Butlerblog Wp-Members 3.1.7 Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |