CVE-2024-5081

Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.7.0

Description: The issue concerns a lack of CSRF check in some areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations: For versions prior to 10.7.0, update to version 10.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to areas where CSRF attacks could be initiated until a patch is applied. Avoid using potentially vulnerable features in the wp-eMember plugin until the issue is resolved.