Skip to main content

Wp Members

8 CVEs product

Monthly

CVE-2025-14448 MEDIUM PATCH This Month

WP-Members Membership Plugin (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 5.4).

WordPress XSS Wp Members PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-10374 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9231 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1852 HIGH This Week

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Members
NVD VulDB
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-1987 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Members
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-2869 MEDIUM PATCH This Month

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Members
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2019-15660 HIGH This Week

The wp-members plugin before 3.2.8 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Members
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-2222 MEDIUM This Month

Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Members
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

WP-Members Membership Plugin (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 5.4).

WordPress XSS Wp Members +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Members
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Members
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Members
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The wp-members plugin before 3.2.8 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Members
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Members
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy