CVE-2024-5744

Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.6.7

Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the $ SERVER['REQUEST URI'] parameter is not properly escaped before being outputted back in an attribute. This could potentially lead to security issues in older web browsers.

Recommendations: For versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.