CVE-2024-5079: 
WordPress vulnerability analysis and mitigation

The wp-eMember WordPress plugin before version 10.6.7 contains a stored cross-site scripting vulnerability. The vulnerability was discovered and disclosed on June 22, 2024, affecting the member registration functionality of the plugin. The issue stems from insufficient sanitization and escaping of input fields during the member registration process (WPScan).

The vulnerability exists due to improper sanitization and escaping of input fields in the member registration functionality. When members register, certain fields are not properly sanitized, allowing malicious scripts to be stored and executed. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows unauthenticated users to perform Stored Cross-Site Scripting (XSS) attacks. When successful, the stored malicious scripts can be executed in the context of other users' browsers, potentially leading to theft of sensitive information or manipulation of the website content (WPScan).

The vulnerability has been patched in wp-eMember version 10.6.7. Site administrators are strongly advised to update to this version or later to protect against potential XSS attacks (WPScan).