CVE-2024-5715: 
WordPress vulnerability analysis and mitigation

The wp-eMember WordPress plugin before version 10.6.7 contains a Reflected Cross-Site Scripting vulnerability identified as CVE-2024-5715. The vulnerability was discovered and publicly disclosed on June 22, 2024, affecting the member edit functionality of the plugin. The issue stems from inadequate parameter sanitization and escaping in the plugin's output handling (WPScan).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, with a CVSS v3.1 base score of 7.1 (HIGH). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, no privileges required, and user interaction required. The vulnerability is mapped to CWE-79 (Cross-site Scripting) (NVD, WPScan).

The vulnerability could be exploited against high-privilege users such as administrators. When successfully exploited, it allows attackers to execute arbitrary JavaScript code in the context of the targeted user's browser session (WPScan).

The vulnerability has been patched in version 10.6.7 of the wp-eMember WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).