CVE-2025-12018

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2025-119992

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-12018

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-12018 MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-12018

MembershipWorks – Membership, Events & Directory (WordPress) versions up to and including 6.14 are affected by a stored cross-site scripting vulnerability in admin settings due to inadequate input sanitization and output escaping. Exploitation requires an authenticated attacker with administrator...

CVE-2025-12018 MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress MembershipWorks plugin <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin MembershipWorks versions = 6.14...

PT-2025-46568

Name of the Vulnerable Software and Affected Versions MembershipWorks – Membership, Events & Directory plugin for WordPress versions prior to 6.14 Description The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping...

WordPress plugin MembershipWorks – Membership, Events & Directory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...