CVE-2024-5081

Name: Websites susceptible to CVE-2024-5081
Creator: WebTechSurvey

CVE-2024-5081

WP eMember <= v10.7.0 - Stored XSS via CSRF

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

We have discovered 581 live websites that are affected by CVE-2024-5081.

Run a Free Instant Scan

Affected Software


Product	Wp eMember
Category	Wordpress Plugins
Vulnerable Domains	581 live websites (77% of Wp eMember install base)
Vulnerable Versions	from 0 through 10.7
Vulnerable Versions Count	73 versions ( 80% of all versions)

Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Available Reports

Website List

Details

Published - Aug 5, 2024
Updated - Aug 5, 2024

Credits

Bob Matyas (finder)
WPScan (coordinator)

CVE References

CWE References

cwe.mitre.org

CWE

CWE-79

Website Distribution by Country

Number of websites using CVE-2024-5081

United States	289 websites

GB	43 websites
Germany	29 websites
Hungary	28 websites
Australia	27 websites
France	25 websites
Canada	23 websites
Italy	17 websites
Bulgaria	16 websites
Sweden	10 websites

Website Distribution by TLD

Number of websites using CVE-2024-5081

.com	296 websites
.org	68 websites
.net	18 websites
.co.uk	17 websites
.ca	15 websites
.com.au	11 websites
.nl	10 websites
.se	9 websites
.org.uk	9 websites
.it	9 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-5081

Top websites that are affected by CVE-2024-5081. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
***********.org	United States	,*
************.org	United States	,*
***.com	United States	*,*
**************.com	United States	*,*
****************.com	United States	*,*
********************.org	Germany	*,*
********.com	United States	*,*
*******.com	United States	*,*
***********.com	United States	*,*
************.ro	Germany	*,*

See full domain list

FAQ

CVE-2024-5081 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Wp eMember

A total of 581 websites have been identified as vulnerable to CVE-2024-5081, based on global website indexing conducted by WebTechSurvey.

The Wp eMember is affected by the CVE-2024-5081 vulnerability.

Wp eMember versions up to 10.7 are vulnerable to CVE-2024-5081.

CVE-2024-5081 is resolved in version 10.7 of Wp eMember.

References

https://wpscan.com/vulnerability/4f02bdb5-5cf6-4519-9586-fd4fb3d45dea/

CVE-2024-5081

Affected Software

Common Weakness Enumeration

Available Reports

Details

Credits

CVE References

CWE References

CWE

Website Distribution by Country

Website Distribution by TLD

Vulnerable Versions

Websites affected by CVE-2024-5081

What type of vulnerability is CVE-2024-5081?

How many websites are affected by the CVE-2024-5081 vulnerability?

Which technology is affected by CVE-2024-5081?

Which versions of Wp eMember are vulnerable to CVE-2024-5081?

In which version of Wp eMember is the CVE-2024-5081 vulnerability resolved?

References