VYPR

WP-Members Membership Plugin

by WP-Members

Source repositories

CVEs (6)

  • CVE-2024-1852HigApr 9, 2024
    risk 0.47cvss 7.2epss 0.01

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2026-2363MedMar 4, 2026
    risk 0.35cvss 6.5epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and…

  • CVE-2025-58000MedSep 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in memberful Memberful - Membership Plugin memberful-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberful - Membership Plugin: from n/a through <= 1.75.0.

  • CVE-2024-2920MedApr 26, 2024
    risk 0.34cvss 5.3epss 0.01

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it…

  • CVE-2025-9489MedSep 9, 2025
    risk 0.33cvss 5.0epss 0.00

    The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running…

  • CVE-2025-14448Jan 15, 2026
    risk 0.00cvss epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This…

VYPR — Vulnerability Intelligence