CVE-2024-5744 Information

Description

The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute which could lead to Reflected Cross-Site Scripting in old web browsers

Reference

https://wpscan.com/vulnerability/ba50e25c-7250-4025-a72f-74f8eb756246/