Vulnerabilities > Caseproof > Memberpress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-43956 | Missing Authorization vulnerability in Caseproof Memberpress Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34. | 9.8 |
| 2024-05-22 | CVE-2024-5025 | Cross-site Scripting vulnerability in Caseproof Memberpress The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-22 | CVE-2024-5031 | Server-Side Request Forgery (SSRF) vulnerability in Caseproof Memberpress The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. | 6.4 |
| 2024-04-09 | CVE-2024-1412 | Cross-site Scripting vulnerability in Caseproof Memberpress The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. | 6.1 |