CVE-2024-1987 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1987?

CVE-2024-1987 is a medium-severity vulnerability affecting the WP-Members Membership Plugin for WordPress in all versions up to and including 3.4.9.1. This stored cross-site scripting (XSS) issue allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. The vulnerability impacts WordPress websites using the affected versions of the WP-Members Membership Plugin.

Who is impacted?

CVE-2024-1987 affects WordPress websites running the WP-Members Membership Plugin in any version up to and including 3.4.9.1. Exploitation requires an authenticated account with contributor-level permissions or above; a script injected by such an account executes whenever a user accesses the injected page. Users of the affected plugin versions should be aware of this vulnerability and its potential impact on their website's security.

What to do if CVE-2024-1987 affected you

If you're affected by the CVE-2024-1987 vulnerability, it's crucial to take action to protect your WordPress website. To mitigate the risk, follow these simple steps:

  1. Update the WP-Members Membership Plugin to version 3.4.9.2 or a newer patched version.

  2. Regularly check for updates and apply them as needed.

  3. Follow best practices for WordPress security, such as using strong passwords and keeping all plugins, themes, and WordPress core up to date.
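The version check behind step 1 can be scripted across several sites. The following is an added example, not code from the advisory or from the plugin's authors: it flags any install at or below 3.4.9.1 using a version-aware comparison. The plugin slug wp-members, the host names and the sample inventory are assumptions constructed for illustration; check_site relies on WP-CLI being installed.

```shell
#!/usr/bin/env bash
# Added example: flag WP-Members installs still in the affected range.
LAST_AFFECTED="3.4.9.1"   # last affected version, from the advisory
PLUGIN_SLUG="wp-members"  # assumption: the plugin's wordpress.org slug

# Return 0 when version $1 <= version $2 (GNU sort -V compares per component,
# so 3.4.10 correctly sorts after 3.4.9.1).
version_le() {
  [ "$1" = "$2" ] && return 0
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

is_affected() { version_le "$1" "$LAST_AFFECTED"; }

# Read "site version" lines on stdin and label each one.
classify_inventory() {
  while read -r site version; do
    [ -z "$site" ] && continue
    if is_affected "$version"; then
      echo "AFFECTED $site $version"
    else
      echo "ok $site $version"
    fi
  done
}

# Count affected entries in an inventory read from stdin.
count_affected() { classify_inventory | grep -c '^AFFECTED'; }

# Constructed sample inventory (hypothetical hosts and versions).
sample_inventory() {
  cat <<'EOF'
blog.example.test 3.4.9.1
shop.example.test 3.4.9.2
intranet.example.test 3.4.8
docs.example.test 3.4.10
EOF
}

# Live check of one WordPress install at path $1 (requires WP-CLI).
check_site() {
  local v
  v="$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$1" 2>/dev/null)" \
    || { echo "not-installed $1"; return 0; }
  printf '%s %s\n' "$1" "$v" | classify_inventory
}

sample_inventory | classify_inventory
```

For a site reported as AFFECTED, running `wp plugin update wp-members` against that install applies step 1.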

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1987 vulnerability, known as Stored Cross-Site Scripting in WP-Members Membership Plugin for WordPress, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on March 8, 2024. To address this vulnerability, users should update the plugin to version 3.4.9.2 or a newer patched version.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information", indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1987 is a medium-severity vulnerability affecting the WP-Members Membership Plugin for WordPress, with potential consequences such as unauthorized access to sensitive information and system control. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
