CVE-2015-4039

Name of the Vulnerable Software and Affected Versions: WP Membership plugin version 1.2.3

Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified profile fields or new post content, potentially leading to cross-site scripting (XSS) attacks. This can be used to bypass the administrator confirmation step for new post content.

Recommendations: For WP Membership plugin version 1.2.3, update to a version that fixes the XSS vulnerabilities to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to profile fields and new post content to minimize the risk of exploitation.