WP-Members <= 3.1.7 – Authenticated Cross-Site Scripting (XSS) | CVE 2017-2222

Affects Plugins

wp-members

Fixed in 3.1.8

References

CVE

CVE-2017-2222

URL

https://jvn.jp/en/jp/JVN51355647/index.html

URL

https://plugins.trac.wordpress.org/changeset/1667369/#file12

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

b78e3857-5019-46c0-a92a-19db35532ca4

Timeline

Publicly Published

2017-07-13 (about 8 years ago)

Added

2017-07-16 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2023-05-03

Title

OSM – OpenStreetMap < 6.0.6 - Contributor+ Stored XSS via Shortcode

Published

2024-06-06

Title

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

Published

2025-04-01

Title

Magical Blocks < 2.0.0 - Contributor+ Stored XSS

Published

2024-04-16

Title

Restaurant Menu – Food Ordering System – Table Reservation < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-02-09

Title

E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)