Security Flaw in WP-Members Plugin Leads to Script Injection
April 2, 2024 at 11:39AM A high-severity XSS vulnerability in WP-Members Membership plugin, tracked as CVE-2024-1852, allows attackers to inject malicious scripts into web pages via user registration functionality. The issue arises from insufficient input sanitization and output escaping. Version 3.4.9.3 contains a patch, but users are urged to update installations promptly due to the … Read more