Vulnerabilities > Caseproof > Memberpress > 1.11.18

DATE CVE VULNERABILITY TITLE RISK
2024-05-22 CVE-2024-5025 Cross-site Scripting vulnerability in Caseproof Memberpress
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping.
network
low complexity
caseproof CWE-79
5.4
5.4
2024-05-22 CVE-2024-5031 Server-Side Request Forgery (SSRF) vulnerability in Caseproof Memberpress
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode.
network
low complexity
caseproof CWE-918
6.4
6.4
2024-04-09 CVE-2024-1412 Cross-site Scripting vulnerability in Caseproof Memberpress
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping.
network
low complexity
caseproof CWE-79
6.1
6.1