VYPR

YourMembership Single Sign On – YM SSO Login

by WordPress

CVEs (2)

  • CVE-2023-37986MedSep 1, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions.

  • CVE-2025-10648MedOct 15, 2025
    risk 0.27cvss 5.3epss 0.00

    The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_display_test_attributes' function in all versions up to, and including, 1.1.7. This makes it possible for…