WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-12492

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

EUVD-2009-0431

Malware in sbrugna...

EUVD-2024-53013

Malicious code in bioql PyPI...

EUVD-2025-6085

Malicious code in bioql PyPI...

CVE-2024-56215

Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through = 1.7.0...

CVE-2024-1287

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector...

CVE-2024-56215

Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through = 1.7.0...

CVE-2024-56215

Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0...

CVE-2024-56215 WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through = 1.7.0...

WordPress plugin Member Directory and Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-36749 · Unknown · Member Directory/Contact Form

Name of the Vulnerable Software and Affected Versions: Stephen Sherrard Member Directory and Contact Form versions 1.7.0 and earlier Description: The issue affects the Member Directory and Contact Form, allowing exploitation of incorrectly configured access control security levels due to a missin...

WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Member Directory and Contact Form versions = 1.7.0...

CVE-2024-1287

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector...

CVE-2024-1287

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector...

CVE-2024-1287 Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure via SQLi

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector...

CVE-2024-1287 Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure via SQLi

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector...

CVE-2024-1287

CVE-2024-1287 affects the WordPress plugin Pay Memberships Pro - Member Directory Add On (pmpro-member-directory) prior to version 1.2.6. The issue allows users with at least the Contributor role to leak other users’ sensitive information, including password hashes, via an SQL Injection vector. R...

PT-2024-17770 · Unknown · Pmpro-Member-Directory

Name of the Vulnerable Software and Affected Versions: pmpro-member-directory versions prior to 1.2.6 Description: The issue allows users with at least the contributor role to leak other users' sensitive information, including password hashes. Recommendations: For versions prior to 1.2.6, update ...

WordPress Paid Memberships Pro - Member Directory Add On Plugin < 1.2.6 is vulnerable to SQL Injection

Software Paid Memberships Pro - Member Directory Add On Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1287 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7039256f577b Credits Scott Kingsley Clark...