Lucene search
+L

97 matches found

Cvelist
Cvelist
added 2026/01/07 2:21 a.m.31 views

CVE-2025-12648 WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files

The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories wp-content/uploads/wpmembers/userfiles// without implementing proper access controls beyond bas...

5.3CVSS0.00255EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/17 10:17 p.m.10 views

WordPress Team Members Showcase plugin <= 3.4.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Gregory Allegoet in WordPress Plugin Team Members Plugin versions = 3.4.0...

7.1CVSS6.3AI score0.00169EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11042

Malware in sbrugna...

5.4CVSS5.5AI score0.00656EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-2642

Malware in sbrugna...

6.8CVSS6.4AI score0.0097EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31398

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/28 2:41 a.m.8 views

CVE-2025-8440

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2025/09/27 2:15 a.m.6 views

CVE-2025-8440

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/27 1:46 a.m.2 views

CVE-2025-8440 Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS4.7AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 2025/09/27 1:46 a.m.27 views

CVE-2025-8440

The CVE CVE-2025-8440 affects the Team Members WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the first-name and last-name fields across all versions up to and including 5.3.5 due to insufficient input sanitization and output escaping. Attack prerequisites: authenti...

6.4CVSS4.7AI score0.00222EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/22 7:5 p.m.6 views

WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin WP-Members versions = 3.5.4.2...

5.5CVSS6AI score0.00176EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/22 6:24 p.m.1 views

CVE-2025-57973 WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chad Butler WP-Members allows Stored XSS. This issue affects WP-Members: from n/a through 3.5.4.2...

5.5CVSS5.6AI score0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

WordPress plugin WP-Members Membership Plugin 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exist...

5CVSS7.4AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2025/07/22 4:25 a.m.42 views

CVE-2025-7495

CVE-2025-7495 corresponds to a Stored Cross-Site Scripting flaw in the WP-Members Membership Plugin for WordPress. Multiple sources confirm that versions up to and including 3.5.4.1 are affected due to insufficient input sanitization and output escaping on the wpmem_login_link shortcode, allowing...

6.4CVSS5.5AI score0.003EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/22 4:25 a.m.26 views

CVE-2025-7495 WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmemloginlink' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS0.003EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/22 4:25 a.m.7 views

CVE-2025-7495 WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmemloginlink' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS5.9AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.8 views

PT-2025-30379 · WordPress · Wp-Members Membership Plugin

Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions through 3.5.4.1 Description: The WP-Members Membership Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the wpmem login link shortcode. Insufficient input sanitization and output...

6.4CVSS5.7AI score0.003EPSS
Exploits0References10
Patchstack
Patchstack
added 2025/07/21 10:7 p.m.14 views

WordPress WP-Members plugin <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WP-Members versions = 3.5.4.1...

6.4CVSS5.5AI score0.003EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/20 3:3 p.m.5 views

CVE-2025-50051 WordPress WP-Members plugin <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chad Butler WP-Members allows Stored XSS.This issue affects WP-Members: from n/a through 3.5.4...

6.5CVSS6.4AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:3 p.m.27 views

CVE-2025-50051

CVE-2025-50051 is a stored XSS in WordPress WP-Members (WP-Members plugin) up to version 3.5.4, caused by improper input neutralization during web page generation. Affected: WP-Members

6.5CVSS5.9AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.10 views

CVE-2023-2869

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

4.3CVSS6.4AI score0.00503EPSS
Exploits0References1
Rows per page
Query Builder