CVE-2023-4719

CVSS V2 None CVSS V3 None
Description
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link.
Overview
  • CVE ID
  • CVE-2023-4719
  • Assigner
  • security@wordfence.com
  • Vulnerability Status
  • Received
  • Published Version
  • 2023-09-06T02:15:09
  • Last Modified Date
  • 2023-09-06T02:15:09
History
Created Old Value New Value Data Type Notes
2023-09-06 03:14:30 Added to TrackCVE
2023-09-06 03:14:34 Weakness Enumeration new