103 matches found
CVE-2026-2363
The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the wpmem_user_membership_posts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-2363 WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute
The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the wpmem_user_membership_posts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-2363
CVE-2026-2363 : The WP-Members Membership Plugin for WordPress is vulnerable to an SQL Injection via the order_by attribute in the [wpmem_user_membership_posts] shortcode, affecting all versions up to 3.5.5.1. The issue arises from insufficient escaping and improper query preparation, allowing au...
WordPress WP-Members Membership plugin plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability discovered by shark3y in WordPress Plugin WP-Members versions <= 3.5.4.3...
CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12648
The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories wp-content/uploads/wpmembers/user_files// without implementing proper access controls beyond bas...
CVE-2025-12648 WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files
The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories wp-content/uploads/wpmembers/user_files// without implementing proper access controls beyond bas...
CVE-2025-12648
CVE-2025-12648 (WP-Members Membership Plugin) is a disclosed vulnerability where unauthenticated actors can access user-uploaded documents via direct URLs due to files being stored in predictable directories (wp-content/uploads/wpmembers/user_files//) with only basic directory protections (e.g., ...
PT-2026-1552
Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin for WordPress versions up to and including 3.5.4.4. Description: The WP-Members Membership Plugin for WordPress stores user-uploaded files in predictable directories wp-content/uploads/wpmembers/user_files// without...
EUVD-2017-11405
Malware in sbrugna...
EUVD-2025-18865
Malicious code in bioql PyPI...
EUVD-2025-30649
Malicious code in bioql PyPI...
WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by theviper17 in WordPress Plugin WP-Members versions <= 3.5.4.2...
CVE-2025-57973
CVE-2025-57973 is a stored XSS in the WordPress plugin WP-Members (vulnerable up to 3.5.4.2). The denial of details in the connected docs confirms the issue arises from improper input neutralization during web page generation, allowing attacker-supplied content to be stored and reflected in pages...
PT-2025-38823
Name of the Vulnerable Software and Affected Versions: Chad Butler WP-Members versions through 3.5.4.2. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting issue. This allows for Stored XSS attacks. The issue...
WordPress plugin WP-Members cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...
CVE-2025-9489
The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...