Vulnerabilities > Caseproof > Memberpress > 1.11.27

DATE CVE VULNERABILITY TITLE RISK
2024-05-22 CVE-2024-5025 Cross-site Scripting vulnerability in Caseproof Memberpress
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping.
network
low complexity
caseproof CWE-79
5.4
5.4
2024-05-22 CVE-2024-5031 Server-Side Request Forgery (SSRF) vulnerability in Caseproof Memberpress
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode.
network
low complexity
caseproof CWE-918
6.4
6.4