CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

Cvelist•added 3 days ago•24 views

CVE-2026-42663 WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5CVSS0.00161EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.2AI score0.00251EPSS

Exploits0References1

Cvelist•added 2025/06/06 12:53 p.m.•14 views

CVE-2025-49333 WordPress Simple Membership plugin <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Membership: from n/a through = 4.6.3...

5.9CVSS0.00182EPSS

Exploits0References1

Patchstack•added 2024/10/21 12:0 a.m.•14 views

WordPress Simple Membership Plugin <= 4.5.3 is vulnerable to Open Redirection

Software Simple Membership Type Plugin Vulnerable versions = 4.5.3 Fixed in 4.5.4 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-49682 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 0c7afbddabf9 Credits Muhamad Agil Fachrian Required privilege...

6.1CVSS6.8AI score0.00251EPSS

Exploits0References2Affected Software1

NVD•added 2024/04/25 11:15 a.m.•12 views

CVE-2024-3730

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.1AI score0.0034EPSS

Exploits0References2

Patchstack•added 2024/04/25 12:0 a.m.•11 views

WordPress Simple Membership Plugin <= 4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.3 Fixed in 4.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3730 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a1a8cd538bfd Credits Thanh Nam Tran Require...

5.4CVSS5.8AI score0.0034EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/03/06 12:0 a.m.•11 views

WordPress Simple Membership Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1985 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 92a2812ee783 Credits stealthcopter Required...

6.1CVSS6AI score0.00867EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/01/24 11:59 a.m.•2 views

CVE-2024-22308 WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1...

3.4CVSS7.1AI score0.00279EPSS

Exploits0References1

Patchstack•added 2024/01/19 12:0 a.m.•13 views

WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection

Software Simple Membership Type Plugin Vulnerable versions = 4.4.1 Fixed in 4.4.2 OWASP Top 10 A4: Insecure Design Classification Open Redirection CVE CVE-2024-22308 Patch priority Low CVSS severity Low 3.4 Developer Claim ownership PSID e9d8815a7ad6 Credits Joshua Chan Required privilege...

6.1CVSS6.5AI score0.00279EPSS

Exploits0References2Affected Software1

Patchstack•added 2023/09/25 12:0 a.m.•9 views

WordPress Simple Membership Plugin <= 4.3.4 is vulnerable to Privilege Escalation

Software Simple Membership Type Plugin Vulnerable versions = 4.3.4 Fixed in 4.3.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-41956 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 9136913b17b8 Credits Rafie...

8.8CVSS6.8AI score0.007EPSS

Exploits0References2Affected Software1

Patchstack•added 2022/01/25 12:0 a.m.•26 views

WordPress Simple Membership plugin <= 4.0.8 - Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Member Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress Simple Membership plugin versions = 4.0.8. Solution Update the WordPress Simple Membership plugin to the latest available version at least 4.0.9...

4.7CVSS3.7AI score0.00464EPSS

Exploits2References3Affected Software1

Packet Storm•added 2019/07/29 12:0 a.m.•123 views

WordPress Simple Membership 3.8.4 Cross Site Request Forgery

Exploit Title: Cross Site Request Forgery in Wordpress Simple Membership plugin Date: 2019-07-27 Exploit Author: rubyman Vendor Homepage: https://wordpress.org/plugins/simple-membership/ wpvulndb : https://wpvulndb.com/vulnerabilities/9482 Version: 3.8.4 Tested on: Windows 8.1 CVE : CVE-2019-1432...

0.0315EPSS

Exploits6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by