Lucene search
+L

394 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:50 a.m.8 views

CVE-2024-7649

The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS6.1AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.7 views

CVE-2024-3210

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...

6.4CVSS4.8AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:39 a.m.4 views

CVE-2024-4383

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.10 views

CVE-2024-10374

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemloginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.8AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:1 a.m.5 views

CVE-2024-11090

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have bee...

7.5CVSS6.8AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:53 a.m.12 views

CVE-2024-10517

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...

4.8CVSS5.7AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.10 views

CVE-2024-11088

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

7.5CVSS6.8AI score0.00619EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.4 views

CVE-2023-0254

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges...

7.2CVSS6.6AI score0.0088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:23 a.m.9 views

CVE-2023-52200

Cross-Site Request Forgery CSRF, Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile &...

9.8CVSS8.6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.10 views

CVE-2023-47668

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin = 3.2.7 versions...

7.5CVSS6.7AI score0.01009EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.15 views

CVE-2022-4469

The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.9AI score0.00534EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:46 p.m.9 views

CVE-2022-45083

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...

7.2CVSS7AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 6:40 p.m.22 views

CVE-2025-3278

The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'userregisterrole' field. This makes it possible for...

9.8CVSS7.5AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/22 6:0 a.m.41 views

CVE-2025-2594 User Registration & Membership < 4.1.3 - Authentication Bypass

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

0.07427EPSS
Exploits4References1
NVD
NVD
added 2025/04/19 3:15 a.m.16 views

CVE-2025-3278

The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'userregisterrole' field. This makes it possible for...

9.8CVSS0.00514EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.8 views

PT-2025-17352 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 5.1.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonc...

4.3CVSS5.4AI score0.00142EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.8 views

PT-2025-17351 · WordPress · Urbango Membership

Name of the Vulnerable Software and Affected Versions: UrbanGo Membership plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to privilege escalation due to the plugin allowing users who are registering new accounts to set their own role or by supplying the...

9.8CVSS9.7AI score0.00514EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.11 views

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS8.6AI score0.46384EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2025/04/12 12:0 a.m.6 views

PT-2025-16167 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3 Description: The issue allows unauthenticated attackers to update any user's membership to any...

5.3CVSS6.2AI score0.00266EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.11 views

PT-2025-13036

Name of the Vulnerable Software and Affected Versions User Registration & Membership WordPress plugin versions prior to 4.1.2 Description The issue concerns a privilege escalation problem in the User Registration & Membership WordPress plugin. This problem allows unauthenticated users to gain adm...

8.1CVSS8.1AI score0.46384EPSS
Exploits7References32
Rows per page
Query Builder