VYPR

Wpcom Member

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-1475 (Critical), Mar 7, 2025
    risk 0.57, CVSS 9.8, EPSS 0.01

    The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any…

  • CVE-2024-7493 (Critical), Sep 6, 2024
    risk 0.57, CVSS 9.8, EPSS 0.01

    The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers…

  • CVE-2025-14002 (High), Dec 16, 2025
    risk 0.46, CVSS 8.1, EPSS 0.00

    The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP (One-Time Password) generation using only 6 numeric digits combined with a 10-minute validity window and no rate…