VYPR

S2member Pro

by WordPress

CVEs (2)

  • CVE-2024-12562Feb 15, 2025
    risk 0.00cvss epss 0.01

    The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject…

  • CVE-2011-5082Mar 19, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).