CVE-2024-13121
CVSS 3.1 Score 3.5 of 10 (low)
Details
Published Feb 13, 2025
Updated: Feb 19, 2025
Summary
CVE-2024-13121 is a vulnerability affecting the Paid Membership Plugin for WordPress. Before version 4.15.20, the plugin failed to properly sanitize and escape certain settings. This could allow high-privilege users, such as administrators, to carry out stored cross-site scripting (XSS) attacks. The vulnerability can be exploited even when the unfiltered_html capability is disallowed, particularly in multisite setups.