CVE-2026-54811 WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

CVE-2026-54811

CVE-2026-54811 : Affected software is the WordPress WP eMember plugin versions older than 10.9.4. The issue is an unauthenticated SQL Injection in the plugin, allowing an attacker with network access (no user credentials, no UI interaction) to potentially read or exfiltrate data. The CVSS metrics...

CVE-2026-49077 WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-49077

CVE-2026-49077 concerns the WordPress WP eMember plugin and affects versions up to v10.2.2 (n/a through v10.2.2). It is described as an exposure of sensitive system information to an unauthorized control sphere, enabling retrieval of embedded sensitive data. The CVSS v3.1 base score is 5.3 (Mediu...

WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WP eMember versions = v10.2.2...

EUVD-2026-13051

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070 WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070 WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070

The CVE concerns the WordPress WP eMember plugin ≤ v10.2.2, where a Missing Authorization vulnerability enables exploitation of misconfigured access control security levels. Affected component is the WP eMember access control mechanism, with root cause described as broken access control. CVSS 3.1...

WordPress plugin WP eMember 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress WP eMember plugin < 10.6.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...

WordPress WP eMember plugin < 10.6.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

CVE-2024-5081

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-5075

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5079

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...

CVE-2024-5074

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5715

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5744

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions v10.7.0...

CVE-2024-5081 WP eMember <= v10.7.0 - Stored XSS via CSRF

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...