35 matches found
CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemusermemberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemusermemberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-4610
CVE-2025-4610 affects the WP-Members Membership Plugin for WordPress (versions up to and including 3.5.2). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpmem_user_memberships shortcode caused by insufficient input sanitization and output escaping of user-provided attributes. E...
WordPress plugin WP-Members Membership Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-21782 · WordPress · Wp-Members Membership Plugin
Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions up to, and including, 3.5.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpmem user memberships shortcode due to insufficient input sanitization and output escaping on...
WordPress WP-Members plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpmemusermemberships Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin WP-Members versions = 3.5.2...
CVE-2024-10374
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemloginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)
Software WP-Members Type Plugin Vulnerable versions = 3.4.9.5 Fixed in 3.4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b793b5e43f7e Credits Peter Thaleikis Required...
CVE-2024-9231 WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web...
Cross site scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6733 WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...
WordPress wp-members plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-members is a website membership plugin used in it. Cross-site request forgery vulnerability exists in WordPress wp-member plugin...
Cross site request forgery (csrf)
The wp-members plugin before 3.2.8 for WordPress has CSRF...
PT-2019-14328 · WordPress · Wp-Members Plugin
Name of the Vulnerable Software and Affected Versions: wp-members plugin versions prior to 3.2.8 Description: The issue concerns a CSRF problem. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited...
WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)
No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...