24 matches found
CVE-2026-57709 WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...
CVE-2026-57709
CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...
WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by sebbealb in WordPress Plugin Membership For WooCommerce versions = 3.1.0...
CVE-2025-67909
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...
EUVD-2025-205273
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...
CVE-2025-67909 WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...
CVE-2025-67909
CVE-2025-67909 affects Membership For WooCommerce (WordPress plugin). It is listed as an unauthenticated authorization bypass via a user-controlled key (unauthorized access/IDOR) affecting the plugin up to and including version 3.0.3. Wordfence’s vulnerability details indicate this CVE has been p...
CVE-2025-67909 WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...
WordPress plugin Membership For WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization bypass vulnerability exists in the WordPress Membership For WooCommerce plugin that originates from an authorization bypass via a user-controlled key, which can...
PT-2025-53250
Name of the Vulnerable Software and Affected Versions WP Swings Membership For WooCommerce versions through 3.0.3 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows bypassing authorization through a user-controlled key. The issue...
EUVD-2025-17540
Malicious code in bioql PyPI...
CVE-2025-54692 WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through = 2.9.0...
CVE-2025-54692 WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through = 2.9.0...
CVE-2025-54692
CVE-2025-54692 describes a missing authorization flaw in the WordPress plugin “Membership For WooCommerce” that allows access to functionality not properly constrained by ACLs. The vulnerability affects Membership For WooCommerce versions up to 2.9.0. The CVSS data indicates high impact (CVSS 3.1...
WordPress plugin Membership For WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Membership For WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-4395
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...
CVE-2025-39579 WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...
CVE-2025-39579
CVE-2025-39579 is a DOM-based XSS in WordPress plugin Membership For WooCommerce (versions up to 2.8.0). The vulnerability arises from improper input neutralization during web page generation and is exploitable by an authenticated user with low privileges, requiring user interaction. CVSS v3.1 ba...
CVE-2025-39579 WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through = 2.8.0...