GCVE - cpe:2.3:a:tipsandtricks-hq:wp_emember:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:tipsandtricks-hq:wp_emember:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Tipsandtricks Hq (`526308cc-12ad-5324-8e9d-ae125b4b0839`)
Product	Wp Emember (`c10c5100-5bea-533c-82dc-b74cdfb19339`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-5715`	vulnerable	2026-06-03 14:57:53.903963	WP eMember < 10.6.7 - Reflected XSS via Member Edit The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-13T06:00:12.983Z Updated: 2024-08-01T21:18:06.857Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/d86bc001-51ae-4dcc-869b-80c91251cc2e/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5080`	vulnerable	2026-06-03 14:57:51.678355	WP eMember < 10.6.6 - Admin+ Arbitrary File Upload The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server Published: 2024-07-13T06:00:09.543Z Updated: 2024-08-01T21:03:10.803Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5076`	vulnerable	2026-06-03 14:57:51.669985	WP eMember < 10.6.6 - Bulk Delete via CSRF The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Published: 2024-07-13T06:00:08.934Z Updated: 2024-08-01T21:03:10.703Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/01cbc841-a30f-4df5-ab7f-0c2c7469657b/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5075`	vulnerable	2026-06-03 14:57:51.669580	WP eMember < 10.6.6 - Reflected XSS The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-13T06:00:08.729Z Updated: 2024-08-01T21:03:10.348Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/b47d93d6-5511-451a-853f-c8b0fba20969/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5074`	vulnerable	2026-06-03 14:57:51.667914	WP eMember < 10.6.6 - Reflected XSS The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-13T06:00:08.534Z Updated: 2024-08-01T21:03:10.754Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/174a2ba8-0215-480f-93ec-83ebc4a3200e/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4749`	vulnerable	2026-06-03 14:57:16.114499	WP eMember < 10.3.9 - Reflected XSS The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Published: 2024-06-04T06:00:02.802Z Updated: 2024-08-01T20:47:41.749Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/6cc05a33-6592-4d35-8e66-9b6a9884df7e/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.