Simple Membership
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24660 | Hig | 0.46 | 7.1 | 0.00 | Feb 3, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages simple-membership-custom-messages allows Reflected XSS.This issue affects Simple Membership Custom Messages: from n/a through <= 2.4. | ||
| CVE-2025-49333 | Med | 0.38 | 5.9 | 0.00 | Jun 6, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Membership: from n/a through <= 4.6.3. | ||
| CVE-2026-24986 | Med | 0.35 | 5.4 | 0.00 | Feb 3, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1. | ||
| CVE-2024-49682 | Med | 0.31 | 4.7 | 0.00 | Oct 24, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3. | ||
| CVE-2026-25308 | Med | 0.28 | 4.3 | 0.00 | Feb 19, 2026 | Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9. | ||
| CVE-2023-41957 | 0.00 | — | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4. | |||
| CVE-2023-41956 | 0.00 | — | 0.01 | May 17, 2024 | Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4. |
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages simple-membership-custom-messages allows Reflected XSS.This issue affects Simple Membership Custom Messages: from n/a through <= 2.4.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Membership: from n/a through <= 4.6.3.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1.
- risk 0.31cvss 4.7epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.
- CVE-2023-41957May 17, 2024risk 0.00cvss —epss 0.01
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.
- CVE-2023-41956May 17, 2024risk 0.00cvss —epss 0.01
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4.