Vulnerabilities > Butlerblog > WP Members > 3.2.9.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-10374 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-22 | CVE-2024-9231 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. | 6.1 |
| 2024-04-09 | CVE-2024-1852 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-03-08 | CVE-2024-1987 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-04 | CVE-2023-6733 | Missing Authorization vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. | 6.5 |