CVE-2026-28073

Name of the Vulnerable Software and Affected Versions WP eMember versions through 10.2.2

Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting (XSS) issue. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists because the application does not properly sanitize input before including it in the generated HTML output. The vulnerable component is susceptible to attacks where an attacker crafts a malicious URL containing the XSS payload. When a user clicks on this URL, the malicious script is executed in their browser within the context of the vulnerable website. The affected parameter is not specified.

Recommendations Update WP eMember to a version later than 10.2.2.