VYPR

Binary Mlm Plan

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-47671HigMay 23, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0.

  • CVE-2025-10038MedOct 15, 2025
    risk 0.35cvss 6.5epss 0.00

    The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmp_user role granting all users with the manage_bmp capability by default upon registration through the plugin's form. This makes it…

  • CVE-2025-11895MedOct 17, 2025
    risk 0.28cvss 4.3epss 0.00

    The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmp_user_payout_detail_of_current_user() function selecting payout records solely by id without verifying ownership. This makes it…

VYPR — Vulnerability Intelligence