VYPR

Wp Members

by WordPress

Source repositories

CVEs (9)

  • CVE-2025-7495MedJul 22, 2025
    risk 0.42cvss 6.4epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2025-4610MedMay 17, 2025
    risk 0.42cvss 6.4epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2023-6733MedJan 4, 2024
    risk 0.42cvss 6.5epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract…

  • CVE-2017-2222MedJul 7, 2017
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2024-2920MedApr 26, 2024
    risk 0.34cvss 5.3epss 0.01

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it…

  • CVE-2025-12648MedJan 7, 2026
    risk 0.27cvss 5.3epss 0.00

    The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) without implementing…

  • CVE-2023-2869MedJul 12, 2023
    risk 0.21cvss 4.3epss 0.01

    The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with…

  • CVE-2025-14448Jan 15, 2026
    risk 0.00cvss epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This…

  • CVE-2019-15660Aug 27, 2019
    risk 0.00cvss epss 0.01

    The wp-members plugin before 3.2.8 for WordPress has CSRF.