Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.6 views

CVE-2025-67909

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

7.5CVSS7AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/24 3:30 p.m.2 views

EUVD-2025-205273

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

8.1CVSS6.5AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/24 1:10 p.m.3 views

CVE-2025-67909 WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

7.5CVSS6.6AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2025/12/24 1:10 p.m.12 views

CVE-2025-67909

CVE-2025-67909 affects Membership For WooCommerce (WordPress plugin). It is listed as an unauthenticated authorization bypass via a user-controlled key (unauthorized access/IDOR) affecting the plugin up to and including version 3.0.3. Wordfence’s vulnerability details indicate this CVE has been p...

7.5CVSS6.6AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/24 1:10 p.m.27 views

CVE-2025-67909 WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

7.5CVSS0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

WordPress plugin Membership For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization bypass vulnerability exists in the WordPress Membership For WooCommerce plugin that originates from an authorization bypass via a user-controlled key, which can...

7.5CVSS6.5AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.4 views

PT-2025-53250

Name of the Vulnerable Software and Affected Versions WP Swings Membership For WooCommerce versions through 3.0.3 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows bypassing authorization through a user-controlled key. The issue...

8.1CVSS6.7AI score0.00327EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-17540

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00289EPSS
Exploits0References2
CVE
CVE
added 2025/08/14 10:34 a.m.29 views

CVE-2025-54692

CVE-2025-54692 describes a missing authorization flaw in the WordPress plugin “Membership For WooCommerce” that allows access to functionality not properly constrained by ACLs. The vulnerability affects Membership For WooCommerce versions up to 2.9.0. The CVSS data indicates high impact (CVSS 3.1...

7.5CVSS5.9AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.12 views

CVE-2025-54692 WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through = 2.9.0...

7.5CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.2 views

CVE-2025-54692 WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through = 2.9.0...

7.5CVSS5.9AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.2 views

WordPress plugin Membership For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.7AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.2 views

WordPress plugin Membership For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS7.3AI score0.00289EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:8 a.m.17 views

CVE-2022-4395

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...

9.8CVSS7.1AI score0.17569EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/04/16 12:44 p.m.16 views

CVE-2025-39579 WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...

6.5CVSS0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.13 views

CVE-2025-39579 WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...

6.5CVSS7.2AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 12:44 p.m.49 views

CVE-2025-39579

CVE-2025-39579 is a DOM-based XSS in WordPress plugin Membership For WooCommerce (versions up to 2.8.0). The vulnerability arises from improper input neutralization during web page generation and is exploitable by an authenticated user with low privileges, requiring user interaction. CVSS v3.1 ba...

6.5CVSS7.2AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

WordPress plugin Membership For WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.7AI score0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/30 8:31 p.m.12 views

CVE-2022-4395 Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...

9.7AI score0.17569EPSS
Exploits2References1
CVE
CVE
added 2023/01/30 8:31 p.m.120 views

CVE-2022-4395

The CVE-2022-4395 entry describes a vulnerability in the WordPress plugin “Membership For WooCommerce” prior to version 2.1.7 where uploaded files are not validated, allowing unauthenticated users to upload arbitrary files (e.g., PHP), enabling remote code execution. Affected software: Membership...

9.8CVSS9.6AI score0.17569EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder