Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).
2012-03-19T18:55:02.453
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | s2member | s2member | ≤ 111216 | Yes |
| Application | s2member | s2member | 110604 | Yes |
| Application | s2member | s2member | 110605 | Yes |
| Application | s2member | s2member | 110606 | Yes |
| Application | s2member | s2member | 110617 | Yes |
| Application | s2member | s2member | 110620 | Yes |
| Application | s2member | s2member | 110708 | Yes |
| Application | s2member | s2member | 110709 | Yes |
| Application | s2member | s2member | 110710 | Yes |
| Application | s2member | s2member | 110731 | Yes |
| Application | s2member | s2member | 110812 | Yes |
| Application | s2member | s2member | 110815 | Yes |
| Application | s2member | s2member | 110912 | Yes |
| Application | s2member | s2member | 110913 | Yes |
| Application | s2member | s2member | 110915 | Yes |
| Application | s2member | s2member | 110926 | Yes |
| Application | s2member | s2member | 110927 | Yes |
| Application | s2member | s2member | 111002 | Yes |
| Application | s2member | s2member | 111003 | Yes |
| Application | s2member | s2member | 111011 | Yes |
| Application | s2member | s2member | 111017 | Yes |
| Application | s2member | s2member | 111029 | Yes |
| Application | s2member | s2member | 111105 | Yes |
| Application | s2member | s2member | 111206 | Yes |
| Application | wordpress | wordpress | * | No |