298 matches found
WordPress Simple Membership <4.1.1 - Cross-Site Scripting
WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions. id: CVE-2022-1724 info: name: WordPress Simple Membership 4.1.1 - Cross-Site Scripting author:...
CVE-2026-11855 Simple Membership < 4.7.5 - Unauthenticated Stored XSS via Stripe Webhook API Version
The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...
CVE-2026-11855
The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...
CVE-2026-11855
CVE-2026-11855 affects the Simple Membership WordPress plugin prior to 4.7.5. The issue arises because Stripe webhook requests are not authenticated when no signing secret is configured, and a value taken from those requests is not escaped before being output in an administrator notice. This lead...
CVE-2026-12093
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...
CVE-2026-12093
The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...
EUVD-2026-37847
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...
WordPress Simple Membership plugin <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability
Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability discovered by Nikita Fenko - self in WordPress Plugin Simple Membership versions = 4.7.5...
EUVD-2026-36917
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
CVE-2026-42663
Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...
CVE-2026-34886
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
CVE-2026-42663 WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...
CVE-2026-42663
CVE-2026-42663 affects WordPress plug‑in Simple Membership (versions ≤ 4.7.2). Unauthenticated Cross Site Scripting (XSS) vulnerability reported. Connected sources confirm the impact type but do not provide concrete exploit details, affected files, root cause, or remediation steps within the supp...
EUVD-2026-36828
Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...
CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
CVE-2026-34886
The CVE-2026-34886 entry affects WordPress WordPress Simple Membership plugin versions
PT-2026-49454
Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...
PT-2026-49362
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Simple Membership versions = 4.7.2...