Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Network-reachable unauthenticated SQLi in a WordPress plugin shares the DB with core, justifying S:C and C:H; SQLi typically permits some write (I:L) but rarely DoS, so A:N.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
AnalysisAI
Unauthenticated SQL injection in the WP eMember WordPress plugin versions prior to 10.9.4 allows remote attackers to inject arbitrary SQL through unsanitized input handled by the plugin. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 9.3 with a scope change, indicating impact beyond the vulnerable component; no public exploit identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only that the target WordPress site has the WP eMember plugin installed and activated at a version below 10.9.4, and that the vulnerable plugin endpoint is reachable over the network - consistent with the CVSS vector AV:N/AC:L/PR:N/UI:N (no authentication, no user interaction, low complexity). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This vulnerability shows several high-risk signals: CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N indicates remote, low-complexity, unauthenticated, no-user-interaction exploitation, and S:C with C:H means confidential data outside the plugin's security scope (entire WordPress database) can be read. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a crafted HTTP request to a vulnerable WP eMember endpoint with a malicious SQL payload in a parameter that is concatenated into a backend query, causing the WordPress database to return data from arbitrary tables. The attacker enumerates wp_users and wp_usermeta to harvest password hashes and session tokens, then cracks or replays them to gain administrator access; no public exploit identified at time of analysis, but Patchstack advisories typically include enough detail for rapid weaponization. |
| Remediation | Vendor-released patch: WP eMember 10.9.4 - site administrators should upgrade the plugin to 10.9.4 or later via the WordPress plugin updater immediately, referencing the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-9-4-sql-injection-vulnerability for confirmation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all WordPress instances running WP eMember plugin and document current versions; disable or restrict external access to affected instances where possible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Wp Emember
View allThe wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to m
The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the
The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as we
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as w
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, whi
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the
A reflected cross-site scripting (XSS) vulnerability exists in the WP eMember WordPress plugin by Tips and Tricks HQ, af
Sensitive data exposure in the WP eMember WordPress plugin (Tips and Tricks HQ) through version 10.2.2 allows unauthenti
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37644