The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
This Cyber News was published on www.tenable.com. Publication date: Tue, 04 Jun 2024 16:56:32 +0000