According to a security advisory from Defiant, attackers might use a high-severity cross-site scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary code into web pages.
The flaw, known as CVE-2024-1852, results from poor input sanitization and output escaping, allowing an attacker to create accounts with a malicious script stored as the user’s IP address. An attacker could use WP-Members Membership’s user registration functionality to fill out and submit a registration form.
Read More : Security Flaw in WP-Members Plugin Leads to Script Injection
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
