{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T02:04:22.465","vulnerabilities":[{"cve":{"id":"CVE-2023-4719","sourceIdentifier":"security@wordfence.com","published":"2023-09-06T02:15:09.500","lastModified":"2026-06-17T06:38:26.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link."},{"lang":"es","value":"El plugin Simple Membership para WordPress es vulnerable a Cross-Site Scripting (XSS) reflejado a través del parámetro \"list_type\" en versiones hasta, e incluyendo, la 4.3.5 debido a una insuficiente sanitización de entrada y escape de salida. Utilizando esta vulnerabilidad, los atacantes no autenticados podrían inyectar scripts web arbitrarios en las páginas que se están ejecutando si pueden engañar con éxito a un usuario para que realice una acción, como hacer clic en un enlace malicioso. "}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpinsider-1","product":"Simple Membership","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-05T18:37:43.202597Z","id":"CVE-2023-4719","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.3.6","matchCriteriaId":"CEA748C7-767E-47EA-A775-702A70311609"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2962730%40simple-membership&new=2962730%40simple-membership&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://wordpress.org/plugins/simple-membership/","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2962730%40simple-membership&new=2962730%40simple-membership&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/plugins/simple-membership/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}