VYPR

WP-Members Membership Plugin

by WordPress

Source repositories

CVEs (9)

  • CVE-2024-1852HigApr 9, 2024
    risk 0.47cvss 7.2epss 0.01

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2025-7495MedJul 22, 2025
    risk 0.42cvss 6.4epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2025-4610MedMay 17, 2025
    risk 0.42cvss 6.4epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-10374MedOct 25, 2024
    risk 0.42cvss 6.4epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-1987MedMar 8, 2024
    risk 0.42cvss 6.4epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2023-6733MedJan 4, 2024
    risk 0.42cvss 6.5epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract…

  • CVE-2024-2920MedApr 26, 2024
    risk 0.34cvss 5.3epss 0.01

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it…

  • CVE-2025-9489MedSep 9, 2025
    risk 0.33cvss 5.0epss 0.00

    The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running…

  • CVE-2024-9231MedOct 22, 2024
    risk 0.33cvss 6.1epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to…