CVE-2025-12648 WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files

The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories wp-content/uploads/wpmembers/userfiles// without implementing proper access controls beyond bas...

WordPress WP-Members Membership Plugin plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files vulnerability

Unauthenticated Information Exposure via Unprotected Files vulnerability discovered by thinnawarth mathuros in WordPress Plugin WP-Members versions = 3.5.4.4...