5 matches found
EUVD-2025-37406
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920
CVE-2025-11920 – Local File Inclusion in WPCOM Member plugin for WordPress (versions up to 1.7.14) via the shortcode action parameter. Authenticated attackers with Contributor+ access can include/execute server-side PHP files, enabling code execution in scenarios where PHP files can be uploaded a...
CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
PT-2025-44697
Name of the Vulnerable Software and Affected Versions WPCOM Member versions prior to 1.7.15 Description The WPCOM Member plugin for WordPress is susceptible to Local File Inclusion. This issue affects versions up to and including 1.7.14 and is triggered through the action parameter within a...