WP-Members Membership Plugin
by WP-Members
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1852 | Hig | 0.47 | 7.2 | 0.01 | Apr 9, 2024 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated… | ||
| CVE-2026-2363 | Med | 0.35 | 6.5 | 0.00 | Mar 4, 2026 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and… | ||
| CVE-2025-58000 | Med | 0.34 | 5.3 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in memberful Memberful - Membership Plugin memberful-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberful - Membership Plugin: from n/a through <= 1.75.0. | ||
| CVE-2024-2920 | Med | 0.34 | 5.3 | 0.01 | Apr 26, 2024 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it… | ||
| CVE-2025-9489 | Med | 0.33 | 5.0 | 0.00 | Sep 9, 2025 | The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running… | ||
| CVE-2025-14448 | 0.00 | — | 0.00 | Jan 15, 2026 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This… |
- risk 0.47cvss 7.2epss 0.01
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
- risk 0.35cvss 6.5epss 0.00
The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in memberful Memberful - Membership Plugin memberful-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberful - Membership Plugin: from n/a through <= 1.75.0.
- risk 0.34cvss 5.3epss 0.01
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it…
- risk 0.33cvss 5.0epss 0.00
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running…
- CVE-2025-14448Jan 15, 2026risk 0.00cvss —epss 0.00
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This…