CVE-2024-5744 | WP-FeedStats wp-eMember Plugin up to 10.6.6 on WordPress Attribute $_SERVER[‘REQUEST_URI’] cross site scripting

Inserito da Angelo Barbosa | Lug 13, 2024 | CVE

A vulnerability, which was classified as problematic, was found in WP-FeedStats wp-eMember Plugin up to 10.6.6 on WordPress. This affects an unknown part of the component Attribute Handler. The manipulation of the argument $_SERVER[‘REQUEST_URI’] leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-5744. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-5744 | WP-FeedStats wp-eMember Plugin up to 10.6.6 on WordPress Attribute $_SERVER[‘REQUEST_URI’] cross site scripting

Post correlati

CVE-2023-52446 | Linux Kernel up to 6.1/6.6.13/6.7.1 BPF /test_progs btf_put use after free (59e5791f59dd/d048dced8ea5/f9ff6ef1c73c)

CVE-2024-39307 | Kareadita Kavita up to 0.8.0 cross site scripting (GHSA-r4qc-3w52-2v84)

CVE-2024-51434 | Froala WYSIWYG Editor up to 4.3.0 Tag Parser cross site scripting

CVE-2024-2468 | EmbedPress Plugin up to 3.9.12 on WordPress Widget Attribute cross site scripting