Lucene search
K

96 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-12426

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the membersfilterprotectedpostsforrest. This makes it possible for unauthenticated attackers to extract determine the existence...

5.3CVSS0.00273EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-12426 Members <= 3.2.22 - Unauthenticated Sensitive Information Disclosure via REST API Pagination Side Channel

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the membersfilterprotectedpostsforrest. This makes it possible for unauthenticated attackers to extract determine the existence...

5.3CVSS0.00273EPSS
Exploits0References6
CVE
CVE
added 4 days ago16 views

CVE-2026-12426

The CVE-2026-12426 affects the WordPress plugin Members – Membership & User Role Editor, up to version 3.2.22. The vulnerability enables unauthenticated attackers to perform sensitive information exposure via the REST API pagination side channel, using the members_filter_protected_posts_for_rest ...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43125

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the membersfilterprotectedpostsforrest. This makes it possible for unauthenticated attackers to extract determine the existence...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/30 2:30 a.m.36 views

CVE-2026-12114 Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/30 2:30 a.m.14 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References9
CVE
CVE
added 2026/06/30 2:30 a.m.19 views

CVE-2026-12114

The CVE-2026-12114 entry concerns the WordPress plugin “Team Members – Multi Language Supported Team”. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings present in all versions up to 8.7, caused by insufficient input sanitization and output escaping. It affects multisite i...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/30 2:30 a.m.11 views

EUVD-2026-40249

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/01 9:16 a.m.8 views

WordPress Team Members Showcase plugin <= 3.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Team Members versions = 3.3.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 7:51 a.m.7 views

CVE-2026-2363

The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' attribute of the wpmemusermembershipposts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/03/04 7:16 a.m.4 views

CVE-2026-2363

The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' attribute of the wpmemusermembershipposts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/04 6:26 a.m.3 views

CVE-2026-2363 WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute

The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' attribute of the wpmemusermembershipposts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/03/04 6:26 a.m.22 views

CVE-2026-2363

CVE-2026-2363 : The WP-Members Membership Plugin for WordPress is vulnerable to an SQL Injection via the order_by attribute in the [wpmem_user_membership_posts] shortcode, affecting all versions up to 3.5.5.1. The issue arises from insufficient escaping and improper query preparation, allowing au...

6.5CVSS6AI score0.00254EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/03 11:48 p.m.8 views

WordPress WP-Members Membership Plugin plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability

Authenticated Contributor+ SQL Injection via 'orderby' Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP-Members versions = 3.5.5.1...

6.5CVSS6AI score0.00254EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/16 5:28 a.m.16 views

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.1AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/15 5:24 a.m.26 views

CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/15 5:24 a.m.5 views

CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS4.8AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.9 views

PT-2026-2982

Name of the Vulnerable Software and Affected Versions WP-Members Membership Plugin versions up to and including 3.5.4.3 Description The WP-Members Membership Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Multiple Checkbox and Multiple Select user profile fields...

5.4CVSS5.6AI score0.00187EPSS
Exploits0References6
CVE
CVE
added 2026/01/07 2:21 a.m.16 views

CVE-2025-12648

CVE-2025-12648 (WP-Members Membership Plugin) is a disclosed vulnerability where unauthenticated actors can access user-uploaded documents via direct URLs due to files being stored in predictable directories (wp-content/uploads/wpmembers/user_files//) with only basic directory protections (e.g., ...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 2:21 a.m.30 views

CVE-2025-12648 WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files

The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories wp-content/uploads/wpmembers/userfiles// without implementing proper access controls beyond bas...

5.3CVSS0.00255EPSS
Exploits0References4
Rows per page
Query Builder