Wp Members
by WordPress
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7495 | | Med | 0.42 | 6.4 | 0.00 | | Jul 22, 2025 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.… |
| CVE-2025-4610 | | Med | 0.42 | 6.4 | 0.00 | | May 17, 2025 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied… |
| CVE-2023-6733 | | Med | 0.42 | 6.5 | 0.00 | | Jan 4, 2024 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract… |
| CVE-2017-2222 | | Med | 0.40 | 6.1 | 0.02 | | Jul 7, 2017 | Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2024-2920 | | Med | 0.34 | 5.3 | 0.01 | | Apr 26, 2024 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it… |
| CVE-2025-12648 | | Med | 0.27 | 5.3 | 0.00 | | Jan 7, 2026 | The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) without implementing… |
| CVE-2023-2869 | | Med | 0.21 | 4.3 | 0.01 | | Jul 12, 2023 | The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with… |
| CVE-2025-14448 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This… |
| CVE-2019-15660 | | | 0.00 | — | 0.01 | | Aug 27, 2019 | The wp-members plugin before 3.2.8 for WordPress has CSRF. |