First published: Wed Sep 08 2021
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Konnichiwa | <=0.8.3 |
Uninstall plugin from WordPress site.
The vulnerability ID for the Konnichiwa! Membership WordPress plugin vulnerability is CVE-2021-38317.
CVE-2021-38317 has a severity rating of 6.1, which is considered medium.
The vulnerability in the Konnichiwa! Membership WordPress plugin allows attackers to perform Reflected Cross-Site Scripting by exploiting the plan_id parameter in the subscriptions.html.php file.
Versions up to and including 0.8.3 of the Konnichiwa! Membership WordPress plugin are affected by CVE-2021-38317.
Yes, it is recommended to update to a version of the Konnichiwa! Membership WordPress plugin that is not affected by CVE-2021-38317.